Preface (2003 Edition)


This is a slightly revised version of the 1985 edition of my logic book. Many typos and errors have been corrected and the line drawings have been improved. Most mistakes were minor, except for a subtle error in Theorem 4.3.3. Indeed, the second part of the theorem about the complexity of the proof tree T obtained from a resolution refutation D is false: It is not necessarily the case that the number of leaves of T is less than or equal to the number of resolution steps in D. As a consequence, Lemma 4.3.4 is also false.


In this revised edition, we simply removed all statements about the complexity of the conversion of resolution refutations into proof trees. Hopefully, this part of the book is now correct, as well as the rest of it!


Some parts of the book have now aged, in particular, the parts about 
PROLOG. Also, eighteen years later, I would prefer to present some of the 
material in a different order and in a different manner. In particular, I would 
separate more clearly the material on the resolution method (Chapter 4) from 
the more proof-theory oriented material. However, I consider this too big a 
task and this mildly revised version will have to do (at least, for now!). 


Ideally, a number of topics should also be covered, for example, some 
basics of constructive logic, linear logic, temporal logic and model checking. 
Again, this is too formidable a task for a single individual and I hope that 
readers enjoy this new version of my book anyway. 


It should be noted that this book is of “pre-LaTeX vintage.” This means that LaTeX was not available at the time this book was written, which implies that I had to write macros (stolen and adapted from D. Knuth’s blue TeX book) to do chapter headings, etc. I also had to adapt the infamous macro makeindex to produce the dreaded index (which was turned into final form using a PASCAL program!). Thus, I indulged in the practice of the change of catcode to turn the symbol * into an active character, among other strange things! Nevertheless, I am grateful to Knuth for producing TeX. Without it, this book would not be alive.


In retrospect, I realize how much I was inspired by, and thus, how much 
I owe, Gerhard Gentzen, Jacques Herbrand, Stephen Kleene, Gaisi Takeuti, 
Raymond Smullyan, Peter Andrews and last but not least, Jean-Yves Girard. 
You have my deepest respect for your seminal and inspiring work and I thank 
all of you for what you taught me. 


Philadelphia, June 2003 Jean Gallier 


Preface (1985 Edition) 


This book is intended as an introduction to mathematical logic, with an emphasis on proof theory and procedures for constructing formal proofs of formulae algorithmically.


This book is designed primarily for computer scientists, and more generally, for mathematically inclined readers interested in the formalization of proofs, and the foundations of automatic theorem-proving.


The book is self-contained, and the level corresponds to senior undergraduates and first year graduate students. However, there is enough material for at least a two semester course, and some Chapters (Chapters 6, 7, 9, 10) contain material which could form the basis of seminars. It would be helpful, but not indispensable, if the reader has had an undergraduate-level course in set theory and/or modern algebra.


Since the main emphasis of the text is on the study of proof systems and algorithmic methods for constructing proofs, it contains some features rarely found in other texts on logic. Four of these features are:

(1) The use of Gentzen Systems;

(2) A justification of the resolution method via a translation from a Gentzen System;

(3) A presentation of SLD-resolution and a presentation of the foundations of PROLOG;

(4) Fast decision procedures based on congruence closures.


A fruitful way to use this text is to teach PROLOG concurrently with the material in the book, and ask the student to implement in PROLOG some of the procedures given in the text, in order to design a simple theorem-prover.


Even though the main emphasis of the book is on the design of procedures for constructing formal proofs, the treatment of the semantics is perfectly rigorous. The following paradigm has been followed: Having defined the syntax of the language, it is shown that the set of well-formed formulae is a freely generated inductive set. This is an important point, which is often glossed over. Then, the concepts of satisfaction and validity are defined by recursion over the freely generated inductive set (using the “unique homomorphic extension theorem”, which can be rigorously justified). Finally, the proof theory is developed, and procedures for constructing proofs are given. Particular attention is given to the complexity of such procedures.


In our opinion, the choice of Gentzen systems over other formal systems is pedagogically very advantageous. Gentzen-style rules reflect directly the semantics of the logical connectives, lead naturally to mechanical proof procedures, and have the advantage of having duality “built in”. Furthermore, in our opinion, Gentzen systems are more convenient than tableaux systems or natural deduction systems for proof-theoretical investigations (cut-free proofs in particular). In three years of teaching, I have found that Gentzen-like systems were very much appreciated by students.


Another good reason for using a formal system inspired from Gentzen (a sequent calculus), is that the completeness theorem is obtained in a natural and simple way. Furthermore, this approach even yields a program (the search procedure) for constructing a proof tree for a valid formula. In fact, in our presentation of the completeness theorem (inspired by Kleene, Kleene 1967), the search for a proof tree is described by a program written in pseudo-PASCAL. We also show how a proof procedure for first-order logic with equality can be developed incrementally, starting with the propositional case.


The contents of the book are now outlined. 
Chapter 1 sets the goals of the book. 


Chapter 2 has been included in order to make the book as self-contained as possible, and it covers the mathematical preliminaries needed in the text. It is recommended to refer to this Chapter only when needed, as opposed to reading it entirely before proceeding to Chapter 3.


Propositional logic is studied in Chapter 3. This includes the syntax and 
semantics of propositional logic. Gentzen systems are introduced as a method 
for attempting to falsify a proposition. The completeness theorem is shown 
as well as some of its consequences (the conjunctive and disjunctive normal 
forms). By introducing infinite sequents, the extended completeness theorem 
and the compactness theorem are obtained. An informal exposition of the 
complexity classes P, NP, and of the concept of NP-completeness is given at 
the end of the Chapter. 
The resolution method for propositional logic is presented in Chapter 4. This Chapter uses a new approach for proving the completeness of resolution. Completeness is obtained by defining a special Gentzen System whose completeness follows easily from the results of Chapter 3, and giving an algorithm for converting proofs in the special Gentzen Systems into resolution refutations. Some complexity issues are also examined.


Chapter 5 is devoted to first-order logic. The syntax and semantics are presented. This includes the notions of first-order languages, structures, and models. Gentzen systems are extended to deal with quantifiers and equality. The concept of a Hintikka set is also introduced. It is shown that every Hintikka set is satisfiable in a model whose domain is (a quotient of) a term algebra. This result, together with a generalization of the search procedure, is used to derive the main theorems of first-order logic: completeness, compactness, model existence, Löwenheim-Skolem theorems. One of the main themes in this Chapter is that the search procedure is a “Hintikka set builder”.


Chapter 6 is devoted to Gentzen’s “Cut elimination Theorem” and some of its applications. A simple semantic proof derived from the completeness theorem is given for the Gentzen System LK. An entirely proof-theoretic (constructive) argument is also given for a simpler system $G1^{nnf}$. This proof due to Schwichtenberg has the advantage that it also yields a precise upper bound on the length of cut-free proofs obtained from a proof with cut. This result is then extended to a system with equality.


A constructive proof of Craig’s Interpolation Theorem is given, and 
Beth’s Definability Theorem and Robinson’s Joint Consistency Theorem are 
also proved. This Chapter contains more advanced material than the previous 
Chapters. 


Chapter 7 is devoted to Gentzen’s “Sharpened Hauptsatz”, Herbrand’s Theorem, and the Skolem-Herbrand-Gödel Theorem. As Chapter 6, this Chapter contains more advanced material. Gentzen’s “Sharpened Hauptsatz” for prenex sequents is proved constructively, using proof transformation techniques. A version of the “Sharpened Hauptsatz” is also proved constructively for sequents consisting of formulae in NNF. To prove this result, a new Gentzen system with quantifier rules applying to certain subformulae is defined. This version of the “Sharpened Hauptsatz” for sequents in NNF appears to be new. Using these results, constructive versions of Herbrand’s Theorem are proved, as well as Andrews’s version of the Skolem-Herbrand-Gödel Theorem (Andrews 1981). The class of primitive recursive functions and the class of recursive functions are also briefly introduced.


In Chapter 8, the resolution method for first-order logic is presented. A recursive unification algorithm inspired from Robinson’s algorithm (Robinson 1965) is presented. Using results from Chapter 4 and the Skolem-Herbrand-Gödel Theorem, the completeness of first-order resolution is shown, using the “lifting technique”. Paramodulation is also briefly discussed.
Chapter 9 is devoted to SLD-resolution and the foundations of PROLOG. Using techniques from Chapter 4, the completeness of SLD-resolution is shown, by translating proofs in a certain Gentzen system into SLD-refutations. This approach appears to be new. Logic programs are defined, and a model-theoretic semantics is given. It is shown that SLD-resolution is a sound and complete computational proof procedure for logic programs. Most of this material can only be found in research papers, and should be useful to readers interested in logic programming.


In Chapter 10 (the last Chapter), a brief presentation of many-sorted 
first-order logic is given. This presentation should be sufficient preparation 
for readers interested in the definition of abstract data types, or computing 
with rewrite rules. Finally, an extension of the congruence closure method of 
Nelson and Oppen (Nelson and Oppen 1980) to the many-sorted case and its 
application to fast decision procedures for testing the validity of quantifier-free 
formulae are presented. 


This book grew out of a number of class notes written for a graduate course in logic for computer scientists, taught at the University of Pennsylvania (CIS581). The inspiration for writing the book came from Sheila Greibach (my advisor at UCLA) and Ronald Book (my “supervisor” at UCSB, while I was a “Post Doc”), who convinced me that there is no better way to really know a topic than writing about it.


I wish to thank my colleagues Saul Gorn, Dale Miller and Alex Pelin 
for reading the manuscript very carefully, and for many helpful comments. 
I also wish to thank my students William Dowling, Tomas Isakowitz, Harry 
Kaplan, Larry Krablin, Francois Lang, Karl Schimpf, Jeff Stroomer, Stan 
Raatz and Todd Rockoff for their help in “debugging” the manuscript. This 
includes reporting of typos, stylistic improvements, additional exercises, and 
correction of mistakes. 


Philadelphia, July 1985 Jean Gallier 


How To Use This Book As A Text


This book is written at the level appropriate to senior undergraduate and first year graduate students in computer science, or mathematics. The prerequisites are the equivalent of undergraduate-level courses in either set theory, abstract algebra, or discrete structures. All the mathematical background necessary for the text itself is contained in Chapter 2, and in the Appendix. Some of the most difficult exercises may require deeper knowledge of abstract algebra.


Most instructors will find it convenient to use Chapter 2 on a “call by need” basis, depending on the background of the students. However, in the author’s experience, it is usually desirable to review the material contained in Sections 2.1, 2.2 and 2.3.


To help the instructor make up a course, at the end of this section we give 
a graph showing the dependence of the Sections and Chapters. This graph 
only applies to the text itself, but not to the exercises, which may depend on 
any earlier Sections. 


The core of the subject which, in the author’s opinion, should be part 
of any course on logic for computer science, is composed of Sections 3.1, 3.2, 
3.3 (excluding 3.3.5), 3.4, 3.5, 5.1, 5.2, 5.3, 5.4, 5.5. 


The Sections which are next in priority (as core Sections) are 3.6, 5.6, 6.1, 6.2, 6.3, 7.1, 7.2, 7.3, 7.5.


More advanced topics suitable for seminars are covered in Sections 6.4, 
6.5, 6.6, 6.7, 7.4, 7.6 and in Chapter 10. 


Sections marked with a star (*) give a glimpse of topics only sketched 
in this book. They can be omitted at first reading. 
Some results from Section 2.4 are required in Chapter 5. However, in order to shorten Chapter 2, this material as well as the material on many-sorted algebras has been made into an Appendix. Similarly, to be perfectly rigorous, Chapter 8 depends on Section 7.6 (since the Skolem-Herbrand-Gödel Theorem proved in Section 7.6 is used to prove the completeness of resolution). However, if the emphasis of the course is on theorem-proving techniques rather than on foundations, it is possible to proceed directly from Section 5.5 to Chapter 8 (after having covered Chapter 4). The instructor may simply quote the Herbrand-Skolem-Gödel Theorem from Section 7.6, without proof.


Hence, depending on the time available and the level of the class, there 
is flexibility for focusing more on automatic theorem-proving methods, or 
more on foundations. A one semester course emphasizing theorem-proving 
techniques may consist of the core, plus Chapter 4, Chapter 8, and possibly 
part of Chapter 9. A one semester course emphasizing foundations may consist 
of the core, plus Chapter 6 and Chapter 7. 


The ideal situation is to teach the course in two semesters, with automatic theorem-proving techniques first. The second semester covers the foundations, and finishes with a more complete coverage of Chapter 9, Chapter 10, and possibly some material on decision procedures, or on rewrite rules.


It is also possible to use Chapter 6 and Chapter 7 as the core of a seminar 
on analytic versus non-analytic proofs. 


Problems are usually found at the end of each Section. The problems range from routine to very difficult. Difficult exercises or exercises requiring knowledge of material not covered in the text are marked with a star (*). Very difficult exercises are marked with a double star (**). A few programming assignments have been included.


Some historical remarks and suggestions for further reading are included at the end of each Chapter. Finally the end of a proof is indicated by the symbol □ (box). The word “iff” is used as an abbreviation for “if and only if”.
Chapter 1


Introduction 


Logic is concerned mainly with two concepts: truth and provability. These concepts have been investigated extensively for centuries, by philosophers, linguists, and mathematicians. The purpose of this book is by no means to give a general account of such studies. Instead, the purpose of this book is to focus on a mathematically well defined logical system known as first-order logic (and, to some extent, many-sorted logic), and prove some basic properties of this system. In particular, we will focus on algorithmic methods for proving theorems (often referred to as automatic theorem proving).


Every logical system consists of a language used to write statements also 
called propositions or formulae. Normally, when one writes a formula, one has 
some intended interpretation of this formula in mind. For example, a formula 
may assert a true property about the natural numbers, or some property that 
must be true in a data base. This implies that a formula has a well-defined 
meaning or semantics. But how do we define this meaning precisely? In logic, 
we usually define the meaning of a formula as its truth value. A formula can 
be either true (or valid) or false. 


Defining rigorously the notion of truth is actually not as obvious as it 
appears. We shall present a concept of truth due to Tarski. Roughly speaking, 
a formula is true if it is satisfied in all possible interpretations. So far, we have 
used the intuitive meaning of such words as truth, interpretation, etc. One of 
the objectives of this book is to define these terms rigorously, for the language 
of first-order logic (and many-sorted first-order logic). The branch of logic 
in which abstract structures and the properties true in these structures are 
studied is known as model theory. 


Once the concept of truth has been defined rigorously, the next question is to investigate whether it is possible to find methods for deciding in a finite number of steps whether a formula is true (or valid). This is a very difficult task. In fact, by a theorem due to Church, there is no such general method for first-order logic.


However, there is another familiar method for testing whether a formula 
is true: to give a proof of this formula. 


Of course, to be of any value, a proof system should be sound, which 
means that every provable formula is true. 


We will also define rigorously the notion of proof, and proof system 
for first-order logic (and many-sorted first-order logic). The branch of logic 
concerned with the study of proof is known as proof theory. 


Now, if we have a sound proof system, we know that every provable 
formula is true. Is the proof system strong enough that it is also possible to 
prove every true formula (of first-order logic)? 


A major theorem of Gödel shows that there are logical proof systems in which every true formula is provable. This is referred to as the completeness of the proof system.


To summarize the situation, if one is interested in algorithmic methods for testing whether a formula of first-order logic is valid, there are two logical results of central importance: one positive (Gödel’s completeness theorem), the other one negative (Church’s undecidability of validity). Roughly speaking, Gödel’s completeness theorem asserts that there are logical calculi in which every true formula is provable, and Church’s theorem asserts that there is no decision procedure (a procedure which always terminates) for deciding whether a formula is true (valid). Hence, any algorithmic procedure for testing whether a formula is true (or equivalently, by Gödel’s completeness theorem, provable in a complete system) must run forever when given certain non-true formulae as input.


This book focuses on Gödel’s positive result and its applications to automatic theorem proving. We have attempted to present a coherent approach to automatic theorem proving, following a main thread: Gentzen-like sequent calculi. The restriction to the positive result was dictated mostly by the lack of space. Indeed, it should be stressed that Church’s negative result is also important, as well as other fundamental negative results due to Gödel. However, the omission of such topics should not be a severe inconvenience to the reader, since there are many texts covering such material (see the notes at the end of Chapter 5).


In spite of the theoretical limitation imposed by Church’s result, the goal 
of automatic theorem proving (for short, atp) is to find efficient algorithmic 
methods for finding proofs of those formulae that are true. 


A fairly intuitive method for finding such algorithms is the completeness proof for Gentzen-like sequent calculi. This approach yields a complete procedure (the search procedure) for proving valid formulae of first-order logic. However, the search procedure usually requires an enormous amount of space and time and it is not practical. Hence, we will try to improve it or find more efficient proof procedures.


For this, we will analyze the structure of proofs carefully. Fundamental 
results of Gentzen and Herbrand show that if a formula is provable, then it 
has a proof having a certain form, called a normal form. 


The existence of such normal forms can be exploited to reduce the size 
of the search space that needs to be explored in trying to find a proof. Indeed, 
it is sufficient to look for proofs in normal form. 


The existence of normal forms is also fundamental because it reduces the 
problem of finding a proof of a first-order formula to the problem of finding a 
proof of a simpler type of formula, called a proposition. Propositions are much 
simpler than first-order formulae. Indeed, there are algorithms for deciding 
truth. One of the methods based on this reduction technique is the resolution 
method, which will be investigated in Chapters 4 and 8. 


Besides looking for general methods applying to the class of all true (first-order) formulae, it is interesting to consider subclasses for which simpler or more efficient proof procedures exist. Indeed, for certain subclasses there may be decision procedures. This is the case for propositions, and for quantifier-free formulae. Such cases are investigated in Chapters 3 and 10 respectively.


Unfortunately, even in cases in which algorithms exist, another difficulty 
emerges. A decision procedure may take too much time and space to be 
practical. For example, even testing whether a proposition is true may be 
very costly. This will be discussed in Chapter 3. 


Automatic theorem proving techniques can be used by computer scientists to axiomatize structures and prove properties of programs working on these structures. Another recent and important role that logic plays in computer science, is its use as a programming language and as a model of computation. For example, in the programming language PROLOG, programs are specified by sets of assertions. In such a programming language, a computation is in fact a proof, and the output of a program is extracted from the proof. Promoters of such languages claim that since such programs are essentially logical formulae, establishing their correctness is trivial. This is not quite so, because the concept of correctness is relative, and the semantics of a PROLOG program needs to be expressed in a language other than PROLOG. However, using logic as a vehicle for programming is a very interesting idea and should be a selling point for skeptics. This use of logic will be investigated in Chapter 9.


Chapter 2 


Mathematical Preliminaries


This chapter is devoted to mathematical preliminaries. This fairly lengthy 
chapter has been included in order to make this book as self-contained as 
possible. Readers with a firm mathematical background may skim or even 
skip this chapter entirely. Classroom experience shows that anyone who is 
not acquainted with the material included in Section 2.3 should probably 
spend some time reading Sections 2.1 to 2.3. In any case, this chapter can be 
used as a library of useful facts and may be consulted whenever necessary. 


Since trees, inductive definitions and the definition of functions by recursion play an important role in logic, they will be defined carefully. First, we review some basic concepts and establish the terminology and notation used in this book. It is assumed that the reader is familiar with the basic properties of sets. For more details, the reader may consult Enderton, 1972; Enderton, 1977; Lewis and Papadimitriou, 1981; or Suppes, 1972.


2.1 Relations, Functions, Partial Orders, Induction 
First, we review the concepts of Cartesian product, tuple and relation. 


2.1.1 Relations 


Given two sets $A$ and $B$ (possibly empty), their Cartesian product denoted by $A \times B$ is the set of ordered pairs

$\{\langle a, b \rangle \mid a \in A,\ b \in B\}.$
Given any finite number of sets $A_1, \ldots, A_n$, the Cartesian product $A_1 \times \cdots \times A_n$ is the set of ordered $n$-tuples

$\{\langle a_1, \ldots, a_n \rangle \mid a_i \in A_i,\ 1 \le i \le n\}$

(An ordered $n$-tuple $\langle a_1, \ldots, a_n \rangle$ is also denoted by $(a_1, \ldots, a_n)$.)


A binary relation between $A$ and $B$ is any subset $R$ (possibly empty) of $A \times B$.


Given a relation $R$ between $A$ and $B$, the set

$\{x \in A \mid \exists y \in B,\ \langle x, y \rangle \in R\}$

is called the domain of $R$ and denoted by $dom(R)$. The set

$\{y \in B \mid \exists x \in A,\ \langle x, y \rangle \in R\}$

is called the range of $R$ and is denoted by $range(R)$.


When $A = B$, a relation $R$ between $A$ and $A$ is also called a relation on (or over) $A$. We will also use the notation $xRy$ as an alternate to $(x, y) \in R$.


2.1.2 Partial Functions, Total Functions 


A relation $R$ between two sets $A$ and $B$ is functional iff, for all $x \in A$, and $y, z \in B$, $(x, y) \in R$ and $(x, z) \in R$ implies that $y = z$.


A partial function is a triple $f = \langle A, G, B \rangle$, where $A$ and $B$ are arbitrary sets (possibly empty) and $G$ is a functional relation (possibly empty) between $A$ and $B$, called the graph of $f$.


Hence, a partial function is a functional relation such that every argument has at most one image under $f$. The graph of a function $f$ is denoted as $graph(f)$. When no confusion can arise, a function $f$ and its graph are usually identified.


A partial function $f = \langle A, G, B \rangle$ is often denoted as $f : A \to B$. For every element $x$ in the domain of a partial function $f$, the unique element $y$ in the range of $f$ such that $(x, y) \in graph(f)$ is denoted by $f(x)$. A partial function $f : A \to B$ is a total function iff $dom(f) = A$. It is customary to call a total function simply a function.


2.1.3 Composition of Relations and Functions 


Given two binary relations $R$ between $A$ and $B$, and $S$ between $B$ and $C$, their composition denoted by $R \circ S$ is a relation between $A$ and $C$ defined by the following set of ordered pairs:

$\{(a, c) \mid \exists b \in B,\ (a, b) \in R \text{ and } (b, c) \in S\}.$
Given a set $A$, the identity relation of $A$ is denoted by $I_A$ and is the relation $\{(x, x) \mid x \in A\}$. Note that $I_A$ is also a total function.


Given a relation $R$ between $A$ and $B$, its converse is the relation between $B$ and $A$ denoted by $R^{-1}$ defined by the set

$\{(b, a) \in B \times A \mid (a, b) \in R\}.$


Given two partial or total functions $f : A \to B$ and $g : B \to C$, with $f = \langle A, G_1, B \rangle$ and $g = \langle B, G_2, C \rangle$, their composition denoted by $f \circ g$ (or $f.g$, or $fg$), is the partial or total function defined by $\langle A, G_1 \circ G_2, C \rangle$. Notice that according to our notation, $f \circ g(x) = g(f(x))$, that is, $f$ is applied first. Note also that composition is associative.


2.1.4 Injections, Surjections, Bijections 


A function $f : A \to B$ is injective (or one to one) iff, for all $x, y \in A$, $f(x) = f(y)$ implies that $x = y$.


A function $f : A \to B$ is surjective (or onto) iff, for all $y \in B$, there is some $x \in A$ such that $f(x) = y$. Equivalently, the range of $f$ is the set $B$.


A function is bijective iff it is both injective and surjective. 


It can be shown that a function $f$ is surjective if and only if there exists a function $g : B \to A$ such that $g \circ f = I_B$. If there exists a function $g : B \to A$ such that $f \circ g = I_A$, then $f : A \to B$ is injective. If $f : A \to B$ is injective and $A \ne \emptyset$, then there exists a function $g : B \to A$ such that $f \circ g = I_A$. As a consequence, it can be shown that a function $f : A \to B$ is bijective if and only if there is a unique function $f^{-1}$ called its inverse such that $f \circ f^{-1} = I_A$ and $f^{-1} \circ f = I_B$.
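The characterisations above can be checked mechanically on finite functions. The following Python code is an added example, not part of the book: a function $f : A \to B$ is a dict whose key set is $A$, the codomain $B$ is passed separately (it cannot be recovered from the graph), and composition follows the book's convention that $f \circ g(x) = g(f(x))$. The sample functions at the bottom are constructed for the example.

```python
# Added example (not from the book): the characterisations of injective and
# surjective functions in Section 2.1.4, checked on finite functions.
# A function f : A -> B is a dict with key set A; B is given separately.
# Composition follows the book's convention: (f o g)(x) = g(f(x)), f first.

def compose(f, g):
    """f o g in the book's notation: apply f, then g."""
    return {x: g[f[x]] for x in f}

def identity(A):
    """The identity function I_A on the set A."""
    return {x: x for x in A}

def is_injective(f):
    """f(x) = f(y) implies x = y: no two arguments share an image."""
    return len(set(f.values())) == len(f)

def is_surjective(f, B):
    """Every element of B is the image of some argument: range(f) = B."""
    return set(f.values()) == set(B)

def right_inverse(f, B):
    """A g : B -> A with g o f = I_B, i.e. f(g(y)) = y for every y in B.
    Exists iff f is surjective: for each y pick any x with f(x) = y."""
    if not is_surjective(f, B):
        return None
    g = {}
    for x, y in f.items():
        g.setdefault(y, x)          # keep the first preimage found
    return g

def left_inverse(f, B):
    """A g : B -> A with f o g = I_A, i.e. g(f(x)) = x for every x in A.
    Exists iff f is injective and A is nonempty: elements of B outside
    range(f) are sent to an arbitrary fixed element of A."""
    if not f or not is_injective(f):
        return None
    some_a = next(iter(f))
    g = {y: some_a for y in B}
    for x, y in f.items():
        g[y] = x
    return g

def inverse(f, B):
    """The inverse f^-1 : B -> A, defined only when f is a bijection."""
    if not (is_injective(f) and is_surjective(f, B)):
        return None
    return {y: x for x, y in f.items()}

# Constructed sample functions on small finite sets.
B = {"a", "b", "c"}
F_INJ = {1: "a", 2: "b"}           # injective, not surjective onto B
F_SUR = {1: "a", 2: "b", 3: "a"}   # surjective onto {"a", "b"}, not injective
F_BIJ = {1: "c", 2: "a", 3: "b"}   # a bijection onto B

if __name__ == "__main__":
    g = left_inverse(F_INJ, B)
    print(compose(F_INJ, g) == identity(F_INJ))        # f o g = I_A
    h = right_inverse(F_SUR, {"a", "b"})
    print(compose(h, F_SUR) == identity({"a", "b"}))   # g o f = I_B
    print(inverse(F_BIJ, B))
```

Note that `left_inverse` returns `None` for the empty function, matching the side condition $A \ne \emptyset$ in the text: with $A$ empty there is no element to send the unmatched elements of $B$ to.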


2.1.5 Direct Image, Inverse Image 


Given a (partial) function $f : A \to B$, for every subset $X$ of $A$, the direct image (or for short, image) of $X$ under $f$ is the set

$\{y \in B \mid \exists x \in X,\ f(x) = y\}$


and is denoted by $f(X)$. For every subset $Y$ of $B$, the inverse image of $Y$ under $f$ is the set

$\{x \in A \mid \exists y \in Y,\ f(x) = y\}$

and is denoted by $f^{-1}(Y)$.


Warning: The function $f$ may not have an inverse. Hence, $f^{-1}(Y)$ should not be confused with $f^{-1}(y)$ for $y \in B$, which is only defined when $f$ is a bijection.
2.1.6 Sequences


Given two sets $I$ and $X$, an $I$-indexed sequence (or sequence) is any function $A : I \to X$, usually denoted by $(A_i)_{i \in I}$. The set $I$ is called the index set. If $X$ is a set of sets, $(A_i)_{i \in I}$ is called a family of sets.


2.1.7 Natural Numbers and Countability 


The set of natural numbers (or nonnegative integers) is denoted by $\mathbf{N}$ and is the set $\{0, 1, 2, 3, \ldots\}$. A set $A$ is countable (or denumerable) iff either $A = \emptyset$ or there is a surjection $h : \mathbf{N} \to A$ from $\mathbf{N}$ onto $A$, countably infinite iff there is a bijection $h : \mathbf{N} \to A$. Otherwise, $A$ is said to be uncountable. The cardinality of a countably infinite set is denoted by $\omega$. The set of positive integers is denoted by $\mathbf{N}_+$. For every positive integer $n \in \mathbf{N}_+$, the set $\{1, \ldots, n\}$ is denoted as $[n]$, and $[0]$ denotes the empty set. A set $A$ is finite iff there is a bijection $h : [n] \to A$ for some natural number $n \in \mathbf{N}$. The natural number $n$ is called the cardinality of the set $A$, which is also denoted by $|A|$. When $I$ is the set $\mathbf{N}$ of natural numbers, a sequence $(A_i)_{i \in I}$ is called a countable sequence, and when $I$ is some set $[n]$ with $n \in \mathbf{N}$, $(A_i)_{i \in I}$ is a finite sequence.


2.1.8 Equivalence Relations 


A binary relation $R \subseteq A \times A$ is reflexive iff for all $x \in A$, $(x, x) \in R$.

The relation $R$ is symmetric iff for all $x, y \in A$, $(x, y) \in R$ implies that $(y, x) \in R$.

The relation $R$ is transitive iff for all $x, y, z \in A$, $(x, y) \in R$ and $(y, z) \in R$ implies that $(x, z) \in R$.

The relation $R$ is an equivalence relation if it is reflexive, symmetric and transitive. Given an equivalence relation $R$ on a set $A$, for every $x \in A$, the set $\{y \in A \mid (x, y) \in R\}$ is the equivalence class of $x$ modulo $R$ and is denoted by $[x]_R$, or $\bar{x}_R$, or simply $[x]$ or $\bar{x}$. The set of equivalence classes modulo $R$ is the quotient of $A$ by $R$ and is denoted by $A/R$. The set $A/R$ is also called a partition of $A$, since any two distinct equivalence classes are nonempty and disjoint, and their union is $A$ itself. The surjective function $h_R : A \to A/R$ such that $h_R(x) = [x]_R$ is called the canonical function associated with $R$.


Given any relation $R$ on a set $A$, we define the powers of $R$ as follows: For every integer $n \ge 0$,

$R^0 = I_A,\quad R^1 = R,\quad \text{and}\quad R^{n+1} = R^n \circ R.$

The union

$R^+ = \bigcup_{n \ge 1} R^n$

called the transitive closure of $R$ is the smallest transitive relation on $A$ containing $R$, and

$R^* = \bigcup_{n \ge 0} R^n$

is called the reflexive and transitive closure of $R$ and is the smallest reflexive and transitive relation on $A$ containing $R$. It is obvious that $R^+ = R \circ R^* = R^* \circ R$, and that $R^* = I_A \cup R^+$. Thus, it can also be shown that for any relation $R$ on a set $A$, $(R \cup R^{-1})^*$ is the least equivalence relation containing $R$.
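On a finite set every operation of Sections 2.1.3 and 2.1.8 can be computed directly from the definitions, which makes the identities $R^+ = R \circ R^* = R^* \circ R$, $R^* = I_A \cup R^+$ and the claim about $(R \cup R^{-1})^*$ checkable by machine. The following Python code is an added example, not part of the book: relations are sets of pairs, composition is $R \circ S$ in the order defined in Section 2.1.3, and $R^+$ is computed as the least fixed point of $X \mapsto X \cup (X \circ R)$, which on a finite set coincides with the infinite union $\bigcup_{n \ge 1} R^n$ because the chain of unions stabilises. The set $A$ and relation $R$ at the bottom are constructed for the example.

```python
# Added example (not from the book): finite binary relations as Python sets
# of pairs, implementing composition, converse, powers, the transitive
# closure R+, the reflexive and transitive closure R*, and the least
# equivalence relation (R u R^-1)* of Sections 2.1.3 and 2.1.8.

def rel_compose(R, S):
    """R o S = {(a, c) | there is b with (a, b) in R and (b, c) in S}."""
    return {(a, c) for (a, b) in R for (b2, c) in S if b == b2}

def converse(R):
    """R^-1 = {(b, a) | (a, b) in R}."""
    return {(b, a) for (a, b) in R}

def identity(A):
    """I_A = {(x, x) | x in A}."""
    return {(x, x) for x in A}

def power(R, A, n):
    """R^0 = I_A and R^(n+1) = R^n o R."""
    P = identity(A)
    for _ in range(n):
        P = rel_compose(P, R)
    return P

def transitive_closure(R):
    """R+ = union of R^n for n >= 1.  On a finite set the chain
    R, R u R^2, R u R^2 u R^3, ... stabilises, so iterate to the fixed point."""
    closure = set(R)
    while True:
        bigger = closure | rel_compose(closure, R)
        if bigger == closure:
            return closure
        closure = bigger

def reflexive_transitive_closure(R, A):
    """R* = I_A u R+."""
    return identity(A) | transitive_closure(R)

def least_equivalence(R, A):
    """(R u R^-1)* is the least equivalence relation on A containing R."""
    return reflexive_transitive_closure(R | converse(R), A)

def is_transitive(R):
    """R is transitive iff R o R is included in R."""
    return rel_compose(R, R) <= R

def is_equivalence(R, A):
    """Reflexive (I_A in R), symmetric (R^-1 = R) and transitive."""
    return identity(A) <= R and converse(R) == R and is_transitive(R)

def equivalence_classes(R, A):
    """The quotient A/R as a set of frozensets, for an equivalence relation R."""
    return {frozenset(y for y in A if (x, y) in R) for x in A}

# Constructed sample: a relation on four elements, 1 -> 2 -> 3, 4 isolated.
A = {1, 2, 3, 4}
R = {(1, 2), (2, 3)}

if __name__ == "__main__":
    print(sorted(transitive_closure(R)))
    print(sorted(sorted(c) for c in equivalence_classes(least_equivalence(R, A), A)))
```

The fixed-point loop in `transitive_closure` does at most $|A|$ rounds on a finite set, since each new pair found corresponds to a longer chain in $R$ and chains without repetition have length at most $|A|$.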


2.1.9 Partial and Total Orders 


A relation $R$ on a set $A$ is antisymmetric iff for all $x, y \in A$, $(x, y) \in R$ and $(y, x) \in R$ implies that $x = y$.


A relation R ona set A is a partial order iff R is reflexive, transitive and 
antisymmetric. 


Given a partial order R on a set A, the pair < A, R > is called a partially 
ordered set (or poset). A partial order is often denoted by the symbol <. 


Given a partial order < on a set A, given any subset X of A, X is a 
chain iff for all z,y € X, either x < y, or y< a. 


A partial order < on a set A is a total order (or a linear order) iff A is 
a chain. 


Given a partial order < on a set A, given any subset X of A, an element 
b€ Aisa lower bound of X iff for alla €¢ X,b< a. An element m € A is an 
upper bound of X iff for alla € X, 2 <m. Note that b or m may or may not 
belong to X. It can be easily shown that a lower bound (resp. upper bound) 
of X in X is unique. Hence the following definition is legitimate. 


An element 6 € X is the least element of X iff for alla € X,b < a. 
An element m € X is the greatest element of X iff for alla € X, 2 <m. In 
view of the above remark, least and greatest elements are unique (when they 
exist). 


Given a subset X of A, an element b € X is minimal in X iff for all 
xe X,x < bimplies that x = 6b. Anelement m € X is maximal in X if for all 
xe X,m< «x implies that m = x. Contrary to least and greatest elements, 
minimal or maximal elements are not necessarily unique. 


An element m € A is the least upper bound of a subset X, iff the set of 
upper bounds of X is nonempty, and m is the least element of this set. An 
element b € A is the greatest lower bound of X if the set of lower bounds of 
X is nonempty, and b is the greatest element of this set. 


Although the following fundamental result known as Zorn's lemma will not be used in the main text, it will be used in some of the problems. Hence, this result is stated without proof. For details and the proof, the reader is referred to Suppes, 1972; Levy, 1979; or Kuratowski and Mostowski, 1976.

Theorem 2.1.1 (Zorn's lemma) Given a partially ordered set $\langle A, \leq \rangle$, if every (nonempty) chain in $A$ has an upper bound, then $A$ has some maximal element.


2.1.10 Well-Founded Sets and Complete Induction 


A very general induction principle holds for the class of partially ordered sets having a well-founded ordering. Given a partial order $\leq$ on a set $A$, the strict order $<$ associated with $\leq$ is defined as follows:

$$x < y \text{ if and only if } x \leq y \text{ and } x \neq y.$$

A partially ordered set $\langle A, \leq \rangle$ is well-founded iff it has no infinite decreasing sequence $(x_i)_{i \in \mathbb{N}}$, that is, sequence such that $x_{i+1} < x_i$ for all $i \geq 0$.

The following property of well-founded sets is fundamental.

Lemma 2.1.1 Given a partially ordered set $\langle A, \leq \rangle$, $\langle A, \leq \rangle$ is a well-founded set if and only if every nonempty subset of $A$ has a minimal element.

Proof: First, assume that $\langle A, \leq \rangle$ is well-founded. We proceed by contradiction. Let $X$ be any nonempty subset of $A$, and assume that $X$ does not have a minimal element. This means that for any $x \in X$, there is some $y \in X$ such that $y < x$, since otherwise there would be some minimal $x \in X$. Since $X$ is nonempty, there is some $x_0$ in $X$. By the above remark, there is some $x_1 \in X$ such that $x_1 < x_0$. By repeating this argument (using induction on $\mathbb{N}$), an infinite decreasing sequence $(x_i)$ can be defined in $X$, contradicting the fact that $A$ is well-founded. Hence, $X$ must have some minimal element.

Conversely, assume that every nonempty subset has a minimal element. If an infinite decreasing sequence $(x_i)$ exists in $A$, $(x_i)$ has some minimal element $x_k$. But this contradicts the fact that $x_{k+1} < x_k$.


The principle of complete induction (or structural induction) is now defined. Let $(A, \leq)$ be a well-founded poset, and let $P$ be a property of the set $A$, that is, a function $P : A \to \{\text{false}, \text{true}\}$. We say that $P(x)$ holds if $P(x) = \text{true}$.

Principle of Complete Induction

To prove that a property $P$ holds for all $z \in A$, it suffices to show that, for every $x \in A$,

(*) if $x$ is minimal, or $P(y)$ holds for all $y < x$,
(**) then $P(x)$ holds.

The statement (*) is called the induction hypothesis, and the implication

for all $x$, (*) implies (**)

is called the induction step. Formally, the induction principle can be stated as:

(CI) $(\forall x \in A)[(\forall y \in A)(y < x \supset P(y)) \supset P(x)] \supset (\forall z \in A)P(z)$

Note that if $x$ is minimal, then there is no $y \in A$ such that $y < x$, and $(\forall y \in A)(y < x \supset P(y))$ is true. Hence, $P(x)$ has to be shown to be true for every minimal element $x$. These cases are called the base cases. Complete induction is not valid for arbitrary posets (see the problems) but holds for well-founded sets as shown in the following lemma.


Lemma 2.1.2 The principle of complete induction holds for every well-founded set.

Proof: We proceed by contradiction. Assume that (CI) is false. Then,

(1) $(\forall x \in A)[(\forall y \in A)(y < x \supset P(y)) \supset P(x)]$

is true and

(2) $(\forall z \in A)P(z)$

is false, that is,

$(\exists z \in A)(P(z) = \text{false})$

is true.

Hence, the subset $X$ of $A$ defined by

$X = \{x \in A \mid P(x) = \text{false}\}$

is nonempty. Since $A$ is well-founded, by lemma 2.1.1, $X$ has some minimal element $b$. Since (1) is true for all $x \in A$, letting $x = b$,

(3) $[(\forall y \in A)(y < b \supset P(y)) \supset P(b)]$

is true. If $b$ is also minimal in $A$, there is no $y \in A$ such that $y < b$ and so,

$(\forall y \in A)(y < b \supset P(y))$

holds trivially and (3) implies that $P(b) = \text{true}$, which contradicts the fact that $b \in X$. Otherwise, for every $y \in A$ such that $y < b$, $P(y) = \text{true}$, since otherwise $y$ would belong to $X$ and $b$ would not be minimal. But then,

$(\forall y \in A)(y < b \supset P(y))$

also holds and (3) implies that $P(b) = \text{true}$, contradicting the fact that $b \in X$. Hence, complete induction is valid for well-founded sets.
As an illustration of well-founded sets, we define the lexicographic ordering. Given a partially ordered set $(A, \leq)$, the lexicographic ordering $\ll$ on $A \times A$ induced by $\leq$ is defined as follows: For all $x, y, x', y' \in A$,

$(x,y) \ll (x',y')$ if and only if either
$x = x'$ and $y = y'$; or
$x < x'$; or
$x = x'$ and $y < y'$.

We leave as an exercise the check that $\ll$ is indeed a partial order on $A \times A$. The following lemma will be useful.

Lemma 2.1.3 If $\langle A, \leq \rangle$ is a well-founded partially ordered set, the lexicographic ordering $\ll$ on $A \times A$ is also well-founded.

Proof: We proceed by contradiction. Assume that there is an infinite decreasing sequence $(\langle x_i, y_i \rangle)_{i \in \mathbb{N}}$ in $A \times A$. Then, either,

(1) There is an infinite number of distinct $x_i$, or
(2) There is only a finite number of distinct $x_i$.

In case (1), the subsequence consisting of these distinct elements forms a decreasing sequence in $A$, contradicting the fact that $\leq$ is well-founded. In case (2), there is some $k$ such that for all $i \geq k$, $x_i = x_{i+1}$. By definition of $\ll$, the sequence $(y_i)_{i \geq k}$ is a decreasing sequence in $A$, contradicting the fact that $\leq$ is well-founded. Hence, $\ll$ is well-founded on $A \times A$.


As an illustration of the principle of complete induction, consider the following example in which it is shown that a function defined recursively is a total function.

EXAMPLE 2.1.1

(Ackermann's function) The following function $A : \mathbb{N} \times \mathbb{N} \to \mathbb{N}$ known as Ackermann's function is well known in recursive function theory for its extraordinary rate of growth. It is defined recursively as follows:

$A(x,y) = $ if $x = 0$ then $y + 1$
else if $y = 0$ then $A(x-1, 1)$
else $A(x-1, A(x, y-1))$

It is actually not obvious that such a recursive definition defines a partial function, but this can be shown. The reader is referred to Machtey and Young, 1978; or Rogers, 1967, for more details.

We wish to prove that $A$ is a total function. We proceed by complete induction over the lexicographic ordering on $\mathbb{N} \times \mathbb{N}$.

The base case is $x = 0$, $y = 0$. In this case, since $A(0,y) = y + 1$, $A(0,0)$ is defined and equal to 1.

The induction hypothesis is that for any $(m,n)$, $A(m',n')$ is defined for all $(m',n') \ll (m,n)$, with $(m,n) \neq (m',n')$.

For the induction step, we have three cases:

(1) If $m = 0$, since $A(0,y) = y + 1$, $A(0,n)$ is defined and equal to $n + 1$.

(2) If $m \neq 0$ and $n = 0$, since $(m-1, 1) \ll (m, 0)$ and $(m-1, 1) \neq (m, 0)$, by the induction hypothesis, $A(m-1, 1)$ is defined, and so $A(m, 0)$ is defined since it is equal to $A(m-1, 1)$.

(3) If $m \neq 0$ and $n \neq 0$, since $(m, n-1) \ll (m, n)$ and $(m, n-1) \neq (m, n)$, by the induction hypothesis, $A(m, n-1)$ is defined. Since $(m-1, y) \ll (m, z)$ and $(m-1, y) \neq (m, z)$ no matter what $y$ and $z$ are, $(m-1, A(m, n-1)) \ll (m, n)$ and $(m-1, A(m, n-1)) \neq (m, n)$, and by the induction hypothesis, $A(m-1, A(m, n-1))$ is defined. But this is precisely $A(m, n)$, and so $A(m, n)$ is defined. This concludes the induction step. Hence, $A(x, y)$ is defined for all $x, y \geq 0$.
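The termination argument of Example 2.1.1 can be checked mechanically: every recursive call of $A$ receives a pair that is strictly smaller under $\ll$. The following Python is an added example, not code from the book; the names lex_less and ackermann are assumptions of the example.

```python
# Added example (not from the book): Ackermann's function A(x, y) of
# Example 2.1.1, instrumented to check the well-foundedness argument.
# Every recursive call must receive a pair strictly smaller than the
# caller's pair under the lexicographic ordering << on N x N, which is
# exactly what the complete-induction proof relies on.

def lex_less(p, q):
    """Strict part of the lexicographic order on N x N induced by < on N:
    (x, y) << (x', y') and (x, y) != (x', y')."""
    x, y = p
    xp, yp = q
    return x < xp or (x == xp and y < yp)

def ackermann(x, y, trace=None):
    """A(x, y) as defined in Example 2.1.1.

    Each recursive call is checked to decrease the argument pair under
    <<; a violation would mean the termination argument is wrong, so it
    raises instead of recursing.  'trace' (an optional list) collects the
    argument pairs visited, in call order."""
    if trace is not None:
        trace.append((x, y))
    if x == 0:                       # base clause: A(0, y) = y + 1
        return y + 1
    if y == 0:                       # case (2): A(x, 0) = A(x - 1, 1)
        nxt = (x - 1, 1)
        assert lex_less(nxt, (x, y)), "call does not decrease under <<"
        return ackermann(*nxt, trace)
    # case (3): A(x, y) = A(x - 1, A(x, y - 1)); the inner call is on
    # (x, y - 1) << (x, y), the outer on (x - 1, z) << (x, y) for any z.
    inner = (x, y - 1)
    assert lex_less(inner, (x, y)), "inner call does not decrease under <<"
    z = ackermann(*inner, trace)
    outer = (x - 1, z)
    assert lex_less(outer, (x, y)), "outer call does not decrease under <<"
    return ackermann(*outer, trace)

if __name__ == "__main__":
    calls = []
    print(ackermann(2, 3, calls), len(calls), "calls")
```

Keep the arguments small: the value and the recursion depth of $A$ grow far faster than any practical stack.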




2.1.11 Restrictions and Extensions 


We define a partial ordering $\sqsubseteq$ on partial functions as follows: $f \sqsubseteq g$ if and only if $\mathrm{graph}(f)$ is a subset of $\mathrm{graph}(g)$. We say that $g$ is an extension of $f$ and that $f$ is a restriction of $g$. The following lemma will be needed later.

Lemma 2.1.4 Let $(f_n)_{n \geq 0}$ be a sequence of partial functions $f_n : A \to B$ such that $f_n \sqsubseteq f_{n+1}$ for all $n \geq 0$. Then, $g = (A, \bigcup \mathrm{graph}(f_n), B)$ is a partial function. Furthermore, $g$ is the least upper bound of the sequence $(f_n)$.

Proof: First, we show that $G = \bigcup \mathrm{graph}(f_n)$ is functional. Note that for every $(x,y) \in G$, there is some $n$ such that $(x,y) \in \mathrm{graph}(f_n)$. If $(x,y) \in G$ and $(x,z) \in G$, then there is some $m$ such that $(x,y) \in \mathrm{graph}(f_m)$ and some $n$ such that $(x,z) \in \mathrm{graph}(f_n)$. Letting $k = \max(m,n)$, since $(f_n)$ is a chain, we have $(x,y) \in \mathrm{graph}(f_k)$ and $(x,z) \in \mathrm{graph}(f_k)$. But since $\mathrm{graph}(f_k)$ is functional, we must have $y = z$. Next, the fact that each relation $\mathrm{graph}(f_n)$ is contained in $G$ is obvious since $G = \bigcup \mathrm{graph}(f_n)$. If $h$ is any partial function such that $\mathrm{graph}(f_n)$ is a subset of $\mathrm{graph}(h)$ for all $n \geq 0$, by definition of a union, $G = \bigcup \mathrm{graph}(f_n)$ is a subset of $\mathrm{graph}(h)$. Hence, $g$ is indeed the least upper bound of the chain $(f_n)$.


2.1.12 Strings 


Given any set $A$ (even infinite), a string over $A$ is any finite sequence $u : [n] \to A$, where $n$ is a natural number. It is customary to call the set $A$ an alphabet. Given a string $u : [n] \to A$, the natural number $n$ is called the length of $u$ and is denoted by $|u|$. For $n = 0$, we have the string corresponding to the unique function from the empty set to $A$, called the null string (or empty string), and denoted by $e_A$, or for simplicity by $e$ when the set $A$ is understood. Given any set $A$ (even infinite), the set of all strings over $A$ is denoted by $A^*$. If $u : [n] \to A$ is a string and $n > 0$, for every $i \in [n]$, $u(i)$ is some element of $A$ also denoted by $u_i$, and the string $u$ is also denoted by $u_1 \ldots u_n$.

Strings can be concatenated as follows. Given any two strings $u : [m] \to A$ and $v : [n] \to A$, ($m, n \geq 0$), their concatenation denoted by $u.v$ or $uv$ is the string $w : [m+n] \to A$ such that:

$w(i) = u(i)$ if $1 \leq i \leq m$;
$w(i) = v(i - m)$ if $m + 1 \leq i \leq m + n$.

One verifies immediately that for every string $u$, $ue = eu = u$. In other words, viewing concatenation as an algebraic operation on the set $A^*$ of all strings, $e$ is an identity element. It is also obvious that concatenation is associative, but not commutative in general.

Given a string $u$, a string $v$ is a prefix (or head) of $u$ if there is a string $w$ such that $u = vw$. A string $v$ is a suffix (or tail) of $u$ if there is a string $w$ such that $u = wv$. A string $v$ is a substring of $u$ if there are strings $x$ and $y$ such that $u = xvy$. A prefix $v$ (suffix, substring) of a string $u$ is proper if $v \neq u$.


2.2 Tree Domains and Trees 


In order to define finite or infinite trees, we use the concept of a tree domain due to Gorn (Gorn, 1965).

2.2.1 Tree Domains

A tree domain $D$ is a nonempty subset of strings in $\mathbb{N}_+^*$ satisfying the conditions:

(1) For each $u \in D$, every prefix of $u$ is also in $D$.

(2) For each $u \in D$, for every $i \in \mathbb{N}_+$, if $ui \in D$ then, for every $j$, $1 \leq j \leq i$, $uj$ is also in $D$.

EXAMPLE 2.2.1
The tree domain

$D = \{e, 1, 2, 11, 21, 22, 221, 222, 2211\}$

is represented as follows:

             e
           /   \
          1     2
          |    / \
         11   21  22
                 /  \
               221  222
                |
              2211


2.2.2 Trees 


Given a set $\Sigma$ of labels, a $\Sigma$-tree (for short, a tree) is a total function $t : D \to \Sigma$, where $D$ is a tree domain.

The domain of a tree $t$ is denoted by $\mathrm{dom}(t)$. Every string $u$ in $\mathrm{dom}(t)$ is called a tree address or a node.

EXAMPLE 2.2.2

Let $\Sigma = \{f, g, h, a, b\}$. The tree $t : D \to \Sigma$, where $D$ is the tree domain of example 2.2.1 and $t$ is the function whose graph is

$\{(e, f), (1, h), (2, g), (11, a), (21, a), (22, f), (221, h), (222, b), (2211, a)\}$

is represented as follows:

             f
           /   \
          h     g
          |    / \
          a   a   f
                 / \
                h   b
                |
                a

The outdegree (sometimes called ramification) $d(u)$ of a node $u$ is the cardinality of the set $\{i \mid ui \in \mathrm{dom}(t)\}$. Note that the outdegree of a node can be infinite. Most of the trees that we shall consider will be finite-branching, that is, for every node $u$, $d(u)$ will be an integer, and hence finite. A node of outdegree 0 is called a leaf. The node whose address is $e$ is called the root of the tree. A tree is finite if its domain $\mathrm{dom}(t)$ is finite. Given a node $u$ in $\mathrm{dom}(t)$, every node of the form $ui$ in $\mathrm{dom}(t)$ with $i \in \mathbb{N}_+$ is called a son (or immediate successor) of $u$.

Tree addresses are totally ordered lexicographically as follows: $u \leq v$ if either $u$ is a prefix of $v$ or, there exist strings $x, y, z \in \mathbb{N}_+^*$ and $i, j \in \mathbb{N}_+$, with $i < j$, such that $u = xiy$ and $v = xjz$. In the first case, we say that $u$ is an ancestor (or predecessor) of $v$ (or $u$ dominates $v$) and in the second case, that $u$ is to the left of $v$. If $y = e$ and $z = e$, we say that $xi$ is a left brother (or left sibling) of $xj$, ($i < j$). Two tree addresses $u$ and $v$ are independent if $u$ is not a prefix of $v$ and $v$ is not a prefix of $u$.


2.2.3 Paths 


A finite path with source $u$ and target $v$ is a finite sequence of nodes $u_0, u_1, \ldots, u_n$ such that $u_0 = u$, $u_n = v$, and for all $j$, $1 \leq j \leq n$, $u_j = u_{j-1} i_j$ for some $i_j \in \mathbb{N}_+$. The length of a path $u_0, u_1, \ldots, u_n$ is $n$ ($n \geq 0$). When $n = 0$, we have the null path from $u$ to $u$ (of length 0). A branch (or chain) is a path from the root to a leaf. An infinite path with source $u$ is an infinite sequence of nodes $u_0, u_1, \ldots, u_n, \ldots$, such that $u_0 = u$ and, for all $j \geq 1$, $u_j = u_{j-1} i_j$ for some $i_j \in \mathbb{N}_+$.

Given a finite tree $t$, the height of a node $u$ in $\mathrm{dom}(t)$ is equal to $\max(\{\mathrm{length}(p) \mid p \text{ is a path from } u \text{ to a leaf}\})$. The depth of a finite tree is the height of its root (the length of a longest path from the root to a leaf).


2.2.4 Subtrees 


Given a tree $t$ and a node $u$ in $\mathrm{dom}(t)$, the subtree rooted at $u$ (also called scope) is the tree $t/u$ whose domain is the set $\{v \mid uv \in \mathrm{dom}(t)\}$ and such that $t/u(v) = t(uv)$ for all $v$ in $\mathrm{dom}(t/u)$.

Another important operation is the operation of tree replacement (or tree substitution).

2.2.5 Tree Replacement

Given two trees $t_1$ and $t_2$ and a tree address $u$ in $t_1$, the result of replacing $t_2$ at $u$ in $t_1$, denoted by $t_1[u \leftarrow t_2]$, is the function whose graph is the set of pairs

$\{(v, t_1(v)) \mid u \text{ is not a prefix of } v\} \cup \{(uv, t_2(v)) \mid v \in \mathrm{dom}(t_2)\}.$

EXAMPLE 2.2.3
Let $t_1$ and $t_2$ be the trees defined by the following diagrams:

Tree $t_1$

             f
           /   \
          h     g
          |    / \
          a   a   f
                 / \
                h   b
                |
                a

Tree $t_2$

          g
         / \
        a   b


2.2.6 Ranked Alphabets and $\Sigma$-Trees

In many situations, it is desirable to have a standard set of symbols to name operations taking a specified number of arguments. Such a set is called a ranked alphabet (or simply stratified alphabet, or signature).

A ranked alphabet is a set $\Sigma$ together with a rank function $r : \Sigma \to \mathbb{N}$. Every symbol $f \in \Sigma$ has a rank (or arity) $r(f)$ indicating the fixed number of arguments of $f$. Symbols of arity 0 are also called constants. For every $n \geq 0$, $\Sigma_n$ denotes the subset of $\Sigma$ consisting of the function symbols of rank $n$.

If the set $\Sigma$ of labels is a ranked alphabet, a $\Sigma$-tree is a function $t : \mathrm{dom}(t) \to \Sigma$ as before, with the additional requirement that for every node $u$ in $\mathrm{dom}(t)$, $d(u) = r(t(u))$. In other words, the outdegree of a node is equal to the rank of its label.

EXAMPLE 2.2.4

Let $\Sigma = \{a, b, +, *\}$, where $a, b$ have rank 0, and $+, *$ have rank 2. The following is a $\Sigma$-tree:

The set of all $\Sigma$-trees is denoted by $CT_\Sigma$ and the set of all finite trees by $T_\Sigma$. Every one-node tree labeled with a constant $a$ is also denoted by $a$.
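The definitions of Sections 2.2.1 to 2.2.6 (tree domains, outdegree, height, subtree, tree replacement, the address ordering and $\Sigma$-trees) can be made concrete on the trees of Examples 2.2.2 and 2.2.3. The Python below is an added example, not code from the book; the rank function RANK for that example's labels is an assumption of the example, and the addresses are tuples of positive integers with the empty tuple standing for $e$.

```python
# Added example (not from the book): trees as functions from a tree domain
# of Gorn addresses to labels, with the operations of Sections 2.2.1-2.2.6.
# An address is a tuple of positive ints; the empty tuple () is the root e.

def is_tree_domain(D):
    """Conditions (1) and (2) of Section 2.2.1 on a set of addresses."""
    if not D:
        return False
    for u in D:
        if any(i < 1 for i in u):
            return False
        for k in range(len(u)):          # (1): every prefix of u is in D
            if u[:k] not in D:
                return False
        if u:                            # (2): u = p.i forces p.1 .. p.(i-1)
            p, i = u[:-1], u[-1]
            if any(p + (j,) not in D for j in range(1, i)):
                return False
    return True

def is_tree(t):
    """A tree is a total function from a tree domain to labels (2.2.2)."""
    return is_tree_domain(set(t))

def sons(t, u):
    """Immediate successors u.i of u, in left-to-right order."""
    return sorted(v for v in t if len(v) == len(u) + 1 and v[:-1] == u)

def outdegree(t, u):
    """d(u) = |{i | u.i in dom(t)}|."""
    return len(sons(t, u))

def height(t, u=()):
    """Length of a longest path from u to a leaf (2.2.3)."""
    ch = sons(t, u)
    return 0 if not ch else 1 + max(height(t, v) for v in ch)

def subtree(t, u):
    """t/u: domain {v | u.v in dom(t)}, t/u(v) = t(u.v) (2.2.4)."""
    n = len(u)
    return {v[n:]: lab for v, lab in t.items() if v[:n] == u}

def replace(t1, u, t2):
    """t1[u <- t2] as defined in 2.2.5: drop every node under (and at) u,
    then graft t2 at u."""
    kept = {v: lab for v, lab in t1.items() if v[:len(u)] != u}
    grafted = {u + v: lab for v, lab in t2.items()}
    return {**kept, **grafted}

def addr_leq(u, v):
    """Total order on addresses (end of 2.2.2): u is a prefix of v, or
    u = x.i.y and v = x.j.z with i < j."""
    k = 0
    while k < len(u) and k < len(v) and u[k] == v[k]:
        k += 1
    if k == len(u):
        return True                      # prefix: u dominates v
    if k == len(v):
        return False                     # v is a proper prefix of u
    return u[k] < v[k]                   # u is to the left of v

def is_sigma_tree(t, rank):
    """Sigma-tree over a ranked alphabet (2.2.6): d(u) = r(t(u)) everywhere."""
    return is_tree(t) and all(outdegree(t, u) == rank[t[u]] for u in t)

# The tree of Example 2.2.2 (t1 of Example 2.2.3) and t2 = g(a, b).
T1 = {(): "f", (1,): "h", (2,): "g", (1, 1): "a", (2, 1): "a", (2, 2): "f",
      (2, 2, 1): "h", (2, 2, 2): "b", (2, 2, 1, 1): "a"}
T2 = {(): "g", (1,): "a", (2,): "b"}
RANK = {"f": 2, "g": 2, "h": 1, "a": 0, "b": 0}   # assumed ranks for the labels

if __name__ == "__main__":
    for addr, lab in sorted(replace(T1, (2, 2), T2).items()):
        print(".".join(map(str, addr)) or "e", lab)
```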


2.3 Inductive Definitions 


Most objects used in logic or computer science are defined inductively. By this we mean that we frequently define a set $S$ of objects as:

The smallest set of objects containing a given set $X$ of atoms, and closed under a given set $F$ of constructors.

The purpose of this section is to define rigorously what the above sentence means.


2.3.1 Inductive Closures 


Let us begin with an example. 


EXAMPLE 2.3.1 


Let $V = \{x_0, x_1, \ldots\}$ be a countable set of variables, let $X = V \cup \{0, 1\}$, let $+$ and $*$ be two binary function symbols, let "(" denote the left parenthesis and ")" the right parenthesis. We wish to define the set $EXPR$ of arithmetic expressions defined using the variables in $V$, the constants $0, 1$, and the operators $+$ and $*$. The following definition is often given:

An arithmetic expression $E$ is one of the following expressions:

(1) A variable in $V$, or $0$, or $1$;

(2) If $E_1$ and $E_2$ are arithmetic expressions, then so are $(E_1 + E_2)$ and $(E_1 * E_2)$;

(3) An expression is an arithmetic expression only if it is obtained by applications of clauses (1) and (2).

In such a definition called an inductive definition, clause (1) defines the atoms, clause (2) asserts some closure conditions, and clause (3) is supposed to assert that the set $EXPR$ of arithmetic expressions is the smallest set of expressions containing the atoms and closed under the operations described in (2). However, it is by no means clear that (1), (2), (3) really define a set, and that this set is the smallest set having properties defined by clauses (1) and (2).

The problem with the above definition is that the universe of all possible expressions is not defined, and that the operations defined by (2) are not clearly defined either. This can be remedied as follows. Let $\Sigma$ be the alphabet $V \cup \{0, 1, (, ), +, *\}$, and $A = \Sigma^*$ be the set of all strings over $\Sigma$. The set $A$ is the universe of all possible expressions. Note that $A$ contains a lot of expressions that are not arithmetic expressions, and the purpose of the above inductive definition is to define the subset $EXPR$ of $\Sigma^*$ describing exactly all arithmetic expressions. We define the functions $H_+$ and $H_*$ from $A \times A$ to $A$ as follows: For all strings $u, v \in A$,

$H_+(u, v) = (u + v)$

$H_*(u, v) = (u * v)$

The string $(u + v)$ is the string obtained by concatenating the symbol "(", the string $u$, the symbol $+$, the string $v$, and the symbol ")", and similarly for the string $(u * v)$. Also, note that $H_+$ and $H_*$ are defined for all strings in $A$, and not just legal arithmetic expressions. For example, if $u = 0$ and $v = *)$, $H_+(u, v) = (0 + *))$, which is not a legal arithmetic expression.

We say that a subset $Y$ of $A$ is closed under $H_+$ and $H_*$ if for all $u, v \in Y$, $H_+(u, v) \in Y$ and $H_*(u, v) \in Y$. We are now in a position to give a precise definition of the set $EXPR$ of arithmetic expressions. We define $EXPR$ as the least subset of $A$ containing $X$ and closed under $H_+$ and $H_*$. The only remaining problem is that we have not shown that such a set actually exists. This can be shown in two ways that turn out to be equivalent as we will prove shortly. The first method, which might be called a top-down method, is to observe that:

(1) The family $\mathcal{C}$ of all subsets $Y$ of $A$ that contain $X$ and are closed under $H_+$ and $H_*$ is nonempty, since $A$ satisfies these properties;

(2) Given any family of subsets of $A$ containing $X$ and closed under $H_+$ and $H_*$, the intersection of this family also contains $X$ and is closed under $H_+$ and $H_*$.

Hence, the least subset $X^+$ of $A$ containing $X$ and closed under $H_+$ and $H_*$ is the intersection of the family $\mathcal{C}$.

The bottom-up method is to define a sequence $EXPR_i$ of subsets of $A$ by induction as follows:

$EXPR_0 = V \cup \{0, 1\}$;
$EXPR_{i+1} = EXPR_i \cup \{H_+(u, v), H_*(u, v) \mid u, v \in EXPR_i\}$, for $i \geq 0$.

We let $X_+ = \bigcup EXPR_i$. We shall show below that $X_+ = X^+$ and therefore, $EXPR$ is equal to $X_+$.
Generalizing the method described in example 2.3.1, we give the following general definition.

Let $A$ be a set, $X \subseteq A$ a subset of $A$, and $F$ a set of functions $f : A^n \to A$, each having some arity $n > 0$. We say that a set $Y$ is inductive on $X$, iff $X$ is a subset of $Y$ and $Y$ is closed under the functions in $F$, that is: For every function $f : A^n \to A$ in $F$, for every $y_1, \ldots, y_n \in Y$, $f(y_1, \ldots, y_n)$ is also in $Y$. Clearly, $A$ itself is inductive on $X$. The intersection of all inductive sets on $X$ is also closed under $F$ and it is called the inductive closure of $X$ under $F$. Let us denote the inductive closure of $X$ by $X^+$.

If $X$ is nonempty, since every inductive set on $X$ contains $X$ and there is at least one inductive set on $X$ (namely $A$), $X^+$ is nonempty. Note that $X^+$ is the least inductive set containing $X$. The above definition is what we might call a top-down definition. Frequently, $X^+$ is called the least set containing $X$ and closed under $F$. There is also a bottom-up and more constructive way of characterizing $X^+$. The sequence of sets $(X_i)_{i \geq 0}$ is defined by induction as follows:

$X_0 = X$ and
$X_{i+1} = X_i \cup \{f(x_1, \ldots, x_n) \mid f \in F,\ x_1, \ldots, x_n \in X_i,\ n = r(f)\}$.

It is clear that $X_i \subseteq X_{i+1}$ for all $i \geq 0$. Let

$$X_+ = \bigcup_{i \geq 0} X_i.$$

Lemma 2.3.1 $X^+ = X_+$.

Proof: First we show that $X_+$ is inductive on $X$. Since $X_0 = X$, $X_+$ contains $X$. Next, we show that $X_+$ is closed under $F$. For every $f$ in $F$ of arity $n > 0$ and for all $x_1, \ldots, x_n \in X_+$, by definition of $X_+$, there is some $i$ such that $x_1, \ldots, x_n$ are all in $X_i$, and since $f(x_1, \ldots, x_n) \in X_{i+1}$ (by definition), $f(x_1, \ldots, x_n) \in X_+$. Since $X_+$ is inductive on $X$ and $X^+$ is the least inductive set containing $X$, $X^+$ is a subset of $X_+$.

To prove that $X_+$ is a subset of $X^+$, we prove by induction that $X_i$ is a subset of $X^+$ for every $i \geq 0$. But this is obvious since $X^+$ is closed under $F$. Hence, we have shown that $X^+ = X_+$.

The following induction principle for inductive sets is very useful:

Induction Principle for Inductive Sets

If $X^+$ is the inductive closure of $X$ under $F$, for every subset $Y$ of $X^+$, if $Y$ contains $X$ and is closed under $F$, then $Y = X^+$.

Lemma 2.3.2 The induction principle for inductive sets holds.

Proof: By hypothesis, $Y$ is inductive on $X$. By lemma 2.3.1, $X_+ = X^+$ which is the least inductive set containing $X$. Hence, $X^+$ is a subset of $Y$. But $Y$ is contained in $X^+$, so $Y = X^+$.

As an illustration of the induction principle, we prove that every arithmetic expression in $EXPR$ has the same number of left and right parentheses. Let $Y$ be the subset of $EXPR$ consisting of all expressions having an equal number of left and right parentheses. Note that $Y$ contains $X$ since neither the variables nor $0$ nor $1$ contain parentheses. $Y$ is closed under $H_+$ and $H_*$ since these functions introduce matching parentheses. Hence, by the induction principle, $Y = EXPR$.
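The bottom-up construction $X_0, X_1, \ldots$ of Lemma 2.3.1 and the two obligations of the induction principle (atoms satisfy the property, constructors preserve it) can be computed for the expressions of Example 2.3.1. The Python below is an added example, not code from the book; it assumes a finite set of variables $\{x_0, x_1\}$ in place of the countable $V$ so that each stage is finite, and all constructors of arity 2.

```python
# Added example (not from the book): the bottom-up inductive closure of
# Section 2.3.1 for the arithmetic expressions of Example 2.3.1.  The book's
# set V of variables is infinite; here it is cut down to {x0, x1} so that
# every stage X_i is a finite set that can be enumerated.  All constructors
# are assumed binary, as H_+ and H_* are.

X0 = {"x0", "x1", "0", "1"}          # atoms X = V u {0, 1}, V truncated

def h_plus(u, v):
    """H_+(u, v) = (u + v), defined on all strings, not only expressions."""
    return "(" + u + "+" + v + ")"

def h_star(u, v):
    """H_*(u, v) = (u * v)."""
    return "(" + u + "*" + v + ")"

F = (h_plus, h_star)

def next_stage(Xi, funcs=F):
    """X_{i+1} = X_i u {f(u, v) | f in F, u, v in X_i} (binary f)."""
    return Xi | {f(u, v) for f in funcs for u in Xi for v in Xi}

def stages(X, n, funcs=F):
    """[X_0, X_1, ..., X_n].  Sizes explode: with 4 atoms, |X_3| > 10^7."""
    out = [set(X)]
    for _ in range(n):
        out.append(next_stage(out[-1], funcs))
    return out

def level(e, X, funcs=F, limit=2):
    """Least i with e in X_i, or None if e is in none of X_0 .. X_limit.
    Every element of X_+ lies in some X_i, so for strings short enough
    to be built within 'limit' stages this decides membership."""
    for i, Xi in enumerate(stages(X, limit, funcs)):
        if e in Xi:
            return i
    return None

def balanced(e):
    """The property Y of the induction-principle illustration: equal
    numbers of left and right parentheses."""
    return e.count("(") == e.count(")")

def check_induction_step(X, funcs=F, prop=balanced):
    """The two obligations of the induction principle for 'prop':
    prop holds on the atoms X, and every constructor preserves prop.
    The closure obligation is exercised on the finite sample X_1 x X_1,
    not proved in general (a proof needs the argument in the text)."""
    atoms_ok = all(prop(x) for x in X)
    X1 = next_stage(set(X), funcs)
    closed_ok = all(prop(f(u, v)) for f in funcs for u in X1 for v in X1)
    return atoms_ok and closed_ok

if __name__ == "__main__":
    for i, Xi in enumerate(stages(X0, 2)):
        print(f"|X_{i}| = {len(Xi)}")
    print(level("((x0+1)*x1)", X0), level("(0+*))", X0))
```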


2.3.2 Freely Generated Sets 


One frequently needs to define functions recursively over an inductive closure. For example, one may want to define the process of evaluating arithmetic expressions.

EXAMPLE 2.3.2

Let $E$ be the arithmetic expression $((x_0 + 1) * x_1)$. Assume that we want to evaluate the value of the expression $E$ for the assignment to the variables given by $x_0 = 2$, $x_1 = 3$. Naturally, one will first compute the value of $(x_0 + 1)$, which is $(2 + 1) = 3$, and then the value of $((x_0 + 1) * x_1)$ which is $(3 * 3) = 9$. Suppose that we now make the problem slightly more complicated. We want a method which, given any assignment $v : V \cup \{0, 1\} \to \mathbb{N}$ of natural numbers to the variables such that $v(0) = 0$ and $v(1) = 1$, allows us to evaluate any expression $E$. The method is to evaluate expressions recursively. This means that we define the function $\hat{v} : EXPR \to \mathbb{N}$ such that:

(0) $\hat{v}(E) = v(x_i)$, if $E$ is the variable $x_i$; $\hat{v}(0) = 0$, $\hat{v}(1) = 1$;
(1) $\hat{v}(E) = \hat{v}(E_1) + \hat{v}(E_2)$, if $E$ is $(E_1 + E_2)$;

Note that $\hat{v}$ is an extension of $v$, and in fact, it can be shown that it is the unique extension of $v$ satisfying (1) and (2). However, it is not obvious that there is a function $\hat{v}$ satisfying (0), (1), (2), and if such a function exists, it is not clear that it is unique. The existence and uniqueness of the function $\hat{v}$ is a consequence of special properties of the inductive closure $EXPR$. In fact, given an inductive closure $X^+$ defined by a set $X$ and a set $F$ of functions, it is not always possible to define recursively a function extending a given function $v : X \to B$ (for some set $B$). We refer the reader to the problems of this chapter for a counter example. It turns out that functions are properly defined by recursion on an inductive closure exactly when this inductive closure is freely generated. The set $EXPR$ of expressions happens to be freely generated, and this is the reason functions are well defined by recursion.

To give an intuitive explanation of what freely generated means, observe that the bottom-up definition of $X^+$ suggests that each element of $X^+$ can be represented by a set of trees. Indeed, each atom, that is, each element $x$ of $X$, is represented by the one-node tree labeled with that element, and each element $a = f(x_1, \ldots, x_n) \in X_{i+1}$ is represented by all trees of the form $f(t_1, \ldots, t_n)$, where each subtree $t_i$ is any of the trees representing $x_i$. Each element of $X_+$ is usually represented by many different trees.

Roughly speaking, an inductive closure $X^+$ is freely generated by $X$ and $F$ if every element $a$ of $X^+$ is represented by a unique tree.


EXAMPLE 2.3.3 


Let $A = \{a, b, c\}$ and $* : A \times A \to A$ be the function defined by the following multiplication table:

[multiplication table of $*$ on $\{a, b, c\}$]

Since $c = *(b, b)$ and $a = *(*(b, b), b)$, the inductive closure of $X = \{b\}$ is $A$. The element $a$ is represented by the trees $*(b, c)$, $*(*(b, b), b)$, $*(*(a, b), c)$, $*(*(a, b), *(b, b))$, and in fact by infinitely many trees. As a consequence, $A$ is not freely generated by $X$.

Technically, the definition of free generation is as follows.

Let $A$ be a set, $X$ a subset of $A$, $F$ a set of functions on $A$, and $X^+$ the inductive closure of $X$ under $F$. We say that $X^+$ is freely generated by $X$ and $F$ if the following conditions hold:

(1) The restriction of every function $f : A^n \to A$ in $F$ to $X_+^n$ is injective.

(2) For every $f : A^m \to A$, $g : A^n \to A$ in $F$, $f(X_+^m)$ is disjoint from $g(X_+^n)$ whenever $f \neq g$.

(3) For every $f : A^m \to A$ in $F$ and every $(x_1, \ldots, x_m) \in X_+^m$, $f(x_1, \ldots, x_m) \notin X$.

Let $X_{-1} = \emptyset$. We now show the following lemma.

Lemma 2.3.3 If $X^+$ is freely generated by $X$ and $F$, then for every $i \geq 0$, $X_{i-1} \neq X_i$ and $f(x_1, \ldots, x_n) \notin X_i$, for every $f$ in $F$ of arity $n$ and every $(x_1, \ldots, x_n) \in X_i^n - X_{i-1}^n$.

Proof: We proceed by induction on $i \geq 0$. This is obvious for $i = 0$ since $X_{-1} = \emptyset$, $X_0 = X$ and by condition (3). For $i > 0$, we prove by induction on $k$, $0 \leq k \leq i$, that if $(x_1, \ldots, x_n) \in X_i^n - X_{i-1}^n$, then $f(x_1, \ldots, x_n) \notin X_k$. For $k = 0$, this follows from condition (3). Now, assume that if $(x_1, \ldots, x_n) \in X_i^n - X_{i-1}^n$, then $f(x_1, \ldots, x_n) \notin X_k$, for $0 \leq k \leq i-1$. If $f(x_1, \ldots, x_n) \in X_{k+1}$, then $f(x_1, \ldots, x_n) \in X_{k+1} - X_k$. By condition (2) and the definition of $X_{k+1}$, there is some $(y_1, \ldots, y_n)$ in $X_k^n$ such that $f(x_1, \ldots, x_n) = f(y_1, \ldots, y_n)$. Since $f$ is injective on $X_+^n$, we have $x_m = y_m$ for $1 \leq m \leq n$. Hence, we have $(x_1, \ldots, x_n) \in X_k^n$ for $k < i$, contradicting the hypothesis that $(x_1, \ldots, x_n) \in X_i^n - X_{i-1}^n$. Therefore, $f(x_1, \ldots, x_n) \notin X_{k+1}$, establishing the induction step on $k$. But this also shows that $X_i \neq X_{i+1}$, concluding the induction step on $i$.

It should be noted that conditions (1), (2), (3) apply to the restrictions of the functions in $F$ to $X_+$. Indeed, there are cases in which the functions in $F$ are not injective on $A$, and $f(A^m) \cap g(A^n) \neq \emptyset$ for distinct functions $f, g$, but conditions (1), (2), (3) hold and $X^+$ is freely generated. See problem 3.2.5. Lemma 2.3.3 can be used to formalize the statement that $X^+$ is freely generated by $X$ and $F$ iff every element has a unique tree representation. However, in order to define precisely what representation by trees means, it is necessary to show that trees are freely generated, and to define a function from trees to $X^+$ using theorem 2.3.1 proved next. For details of this representation, the reader is referred to the problems.


In logic, terms, formulae, and proofs are given by inductive definitions. Another important concept is that of a function defined recursively over an inductive set freely generated.

2.3.3 Functions Defined Recursively over Freely Generated Inductive Sets

Let $A$ be a nonempty set, $X$ a subset of $A$, $F$ a set of functions on $A$, and $X^+$ the inductive closure of $X$ under $F$. Let $B$ be any nonempty set, and let $G$ be a set of functions over the set $B$, such that there is a function $d : F \to G$ that associates with each function $f$ of arity $n$ in $F$, the function $d(f) : B^n \to B$ in $G$ ($d$ need not be a bijection).

Theorem 2.3.1 (Unique homomorphic extension theorem) If $X^+$ is freely generated by $X$ and $F$, for every function $h : X \to B$, there is a unique function $\hat{h} : X_+ \to B$ such that:

(1) For all $x \in X$, $\hat{h}(x) = h(x)$;

For every function $f$ of arity $n > 0$ in $F$, for every $x_1, \ldots, x_n \in X_+$,

(2) $\hat{h}(f(x_1, \ldots, x_n)) = g(\hat{h}(x_1), \ldots, \hat{h}(x_n))$, where $g = d(f)$.

The diagram below illustrates the fact that $\hat{h}$ extends $h$. The function $i$ is the inclusion function of $X$ into $X^+$.

      X ---i---> X^+
        \         |
         h        ĥ
          \       v
           `--->  B
The identities (1) and (2) mean that $\hat{h}$ is a homomorphism, which is often called the unique homomorphic extension of $h$. Clause (2) can be described by the following commutative diagram:

    X_+^n ---f---> X_+
      |             |
     ĥ^n            ĥ
      v             v
     B^n  ---g--->  B

In the above diagram, the function $\hat{h}^n$ is defined by $\hat{h}^n(x_1, \ldots, x_n) = (\hat{h}(x_1), \ldots, \hat{h}(x_n))$. We say that this diagram is commutative if the composition $\hat{h} \circ f$ is equal to the composition $g \circ \hat{h}^n$.

Proof: We define by induction a sequence of functions $h_i : X_i \to B$ satisfying conditions (1) and (2) restricted to $X_i$. We set $h_0 = h$. Given $h_i$, let $h_{i+1}$ have the graph:

$\{(f(x_1, \ldots, x_n),\ g(h_i(x_1), \ldots, h_i(x_n))) \mid (x_1, \ldots, x_n) \in X_i^n - X_{i-1}^n,\ f \in F\} \cup \mathrm{graph}(h_i)$

(with $g = d(f)$.)

We have to check that this graph is indeed functional. Since $X^+$ is freely generated, by lemma 2.3.3, $f(x_1, \ldots, x_n) \in X_{i+1} - X_i$ whenever $(x_1, \ldots, x_n) \in X_i^n - X_{i-1}^n$, ($i \geq 0$), and we only have to check functionality for the first part of the union. Since the elements of $G$ are functions, by lemma 2.3.3, the only possibility for having $(x, y) \in \mathrm{graph}(h_{i+1})$ and $(x, z) \in \mathrm{graph}(h_{i+1})$ for some $x \in X_{i+1} - X_i$, is to have $x = f(x_1, \ldots, x_m) = f'(y_1, \ldots, y_n)$ for some $(x_1, \ldots, x_m) \in X_i^m - X_{i-1}^m$, $(y_1, \ldots, y_n) \in X_i^n - X_{i-1}^n$, and for some constructors $f$ and $f'$ in $F$. Since $f(X_+^m)$ and $f'(X_+^n)$ are disjoint whenever $f \neq f'$, $f(x_1, \ldots, x_m) = f'(y_1, \ldots, y_n)$ implies that $f = f'$ and $m = n$. Since every $f \in F$ is injective on $X_+^n$, we must also have $x_j = y_j$ for every $j$, $1 \leq j \leq n$. But then, $y = z = g(h_i(x_1), \ldots, h_i(x_n))$, with $g = d(f)$, showing functionality. Using lemma 2.1.4, $\hat{h} = \bigcup_{i \geq 0} h_i$ is a partial function. Since $\mathrm{dom}(\hat{h}) = \bigcup \mathrm{dom}(h_i) = \bigcup X_i = X_+$, $\hat{h}$ is total on $X_+$. Furthermore, it is clear by definition of the $h_i$ that $\hat{h}$ satisfies (1) and (2). To prove that $\hat{h}$ is unique, for any other function $\hat{h}'$ satisfying (1) and (2), it can be easily shown by induction that $\hat{h}$ and $\hat{h}'$ agree on $X_i$ for all $i \geq 0$. This proves the theorem.


EXAMPLE 2.3.4

Going back to example 2.3.2, the set A is Σ*, the set F of functions is
{H_+, H_*}, the set B is N, the set G consists of addition and multipli-
cation on the natural numbers, and the function d : F → G is given by
d(H_+) = addition and d(H_*) = multiplication. It can be shown that
EXPR is freely generated by V ∪ {0, 1} and {H_+, H_*}, but this is not
obvious. Indeed, one has to prove rigorously conditions (1), (2), (3), for
the functions H_+ and H_*, and this requires some work. A proof can
be given by adapting the method used in theorem 3.2.1, and we leave
it as an exercise. Since EXPR is freely generated, for any function
v : V ∪ {0, 1} → N such that v(0) = 0 and v(1) = 1, by theorem 2.3.1,
there is a unique function v̂ extending v which is a homomorphism.


Later on when we define satisfaction in first-order logic, we will need to
define the concept of a structure, and we will have to reformulate slightly the
notion of an inductive closure. This can be done conveniently by introducing
the concept of an algebra. Since this material is only used in Chapter 5 and
Chapter 10, it has been included in an appendix.


PROBLEMS

2.1.1. Show the following properties:

(a) If there exists a function g : B → A such that f ∘ g = I_A, then
f : A → B is injective. If f : A → B is injective and A ≠ ∅, then
there exists a function g : B → A such that f ∘ g = I_A.

(b) A function f is surjective if and only if there exists a function
g : B → A such that g ∘ f = I_B.

(c) A function f : A → B is bijective if and only if there is a function
f^{−1} called its inverse such that f ∘ f^{−1} = I_A and f^{−1} ∘ f = I_B.

2.1.2. Prove that a function f : A → B is injective if and only if, for all
functions g, h : C → A, g ∘ f = h ∘ f implies that g = h. A function
f : A → B is surjective if and only if for all functions g, h : B → C,
f ∘ g = f ∘ h implies that g = h.

2.1.3. Given a relation R on a set A, prove that R is transitive if and only
if R ∘ R is a subset of R.

2.1.4. Given two equivalence relations R and S on a set A, prove that if
R ∘ S = S ∘ R, then R ∘ S is the least equivalence relation containing
R and S.

2.1.5. Prove that R⁺ = ∪_{n≥1} R^n is the smallest transitive relation on A
containing R, and R* = ∪_{n≥0} R^n is the smallest reflexive and tran-
sitive relation on A containing R. Prove that for any relation R on a
set A, (R ∪ R^{−1})* is the least equivalence relation containing R.

2.1.6. Show that complete induction is not valid for posets that are not
well-founded by giving a counter example.

2.1.7. Let (A, ≤) and (B, ≤') be two partially ordered sets. A function
f : A → B is monotonic if, for all a, b ∈ A, a ≤ b implies f(a) ≤' f(b).

(a) Show that the composition of monotonic functions is monotonic.

(b) Show that if f is monotonic and m is the least element of a subset
S of A, then f(m) is the least element of f(S).

(c) Give a counter example showing that if f is monotonic and m is
the least element of A, then f(m) is not necessarily the least element
of B. Give a counter example showing that if m is a minimal element
of S, then f(m) is not necessarily a minimal element of f(S), even if
f is surjective.


2.1.8. Given a set A, a multiset over A is an unordered collection of ele-
ments of A that may have multiple occurrences of identical elements.
Formally, a multiset over A may be defined as a function M : A → N,
where N denotes the set of nonnegative integers. An element a in A
has exactly n occurrences in M iff M(a) = n. In particular, a does
not belong to M iff M(a) = 0. Let M(A) denote the set of finite
multisets over A, that is, the set of functions M : A → N such that
M(a) ≠ 0 only for finitely many a ∈ A. Two (finite) multisets M and
M' are equal iff every element occurring exactly n times in M also
occurs exactly n times in M'.

Multiset union and multiset difference are defined as follows: Given two
multisets M_1 : A → N and M_2 : A → N, their union is the multiset
M : A → N such that for all x ∈ A, M(x) = M_1(x) + M_2(x). The
union of M_1 and M_2 is also denoted as M_1 ∪ M_2. The difference
of M_1 and M_2 is the multiset M : A → N such that for all x ∈ A,
M(x) = M_1(x) − M_2(x) if M_1(x) > M_2(x), M(x) = 0 otherwise. The
difference of M_1 and M_2 is also denoted as M_1 − M_2. A multiset M_1
is a submultiset of a multiset M_2 if for all x ∈ A, M_1(x) ≤ M_2(x).

If A is partially ordered by ≤, the relation << on the set M(A) of
finite multisets is defined as follows:

M << M' iff M is obtained from M' by removing zero or more
elements from M', and replacing each such element x by zero or any
finite number of elements from A, each strictly less than x (in the
ordering ≤).

Formally, M << M' iff M = M', or there exist some finite multisets
X, Y with X a nonempty submultiset of M' such that M = (M' −
X) ∪ Y, and for all y ∈ Y, there is some x ∈ X such that y < x.

(a) If A = N = {0, 1, 2, ...} and ≤ is the natural ordering on N, give
examples of pairs of multisets related by the relation <<.

(b) Prove that << is a partial ordering.

(c) Assume that ≤ is well founded. To prove that << is also well
founded, we shall proceed by contradiction as follows. Assume that
there is an infinite decreasing sequence M_0 >> M_1 >> ... >>
M_n >> M_{n+1} >> ..., and M_n ≠ M_{n+1} for all n ≥ 0 (M >> N
holds iff N << M holds). We build a tree in the following fashion:

Begin with a root node whose immediate descendants are labeled with
the elements of M_0. Since M_0 >> M_1 (and M_0 ≠ M_1), there exist
multisets X and Y with X a nonempty submultiset of M_0, such that
M_1 = (M_0 − X) ∪ Y, and for every y ∈ Y, there is some x ∈ X with
y < x. For each y in Y, choose some x in X such that y < x, and add
a successor node labeled y to the node corresponding to that x. For
every remaining x in X (element that is dropped and replaced by no
elements at all), add a successor labeled with the special symbol ⊥.
This last step guarantees that at least one new node is added to the
tree for every multiset M_n in the sequence. This is necessary in case
Y is empty. Repeat the process for M_1 >> M_2, M_2 >> M_3, and so
on. Let T be the resulting tree.

Note that by construction, the elements on any path form a strictly
decreasing sequence in A (we can assume that ⊥ is less than any
element in A).

(i) Prove that the tree T is infinite and that each node has a finite
number of successors. Then, by König's lemma (if a tree is finite
branching and infinite then it contains an infinite path), there must
be an infinite path in T.

(ii) Prove that there is a path in T corresponding to an infinite de-
creasing sequence of elements in A. Conclude that the partial ordering
<< is well founded.


2.2.1. Let t be a tree and let u and v be two independent tree addresses
in dom(t) (that is, u is not a prefix of v and v is not a prefix of u).
Prove that for any trees t_1 and t_2,

t[u ← t_1][v ← t_2] = t[v ← t_2][u ← t_1].


2.3.1. Let A = {a, b, c} and * : A × A → A be the function defined by the
following table:

[the table defining * is not legible in this copy]

(a) Show that the inductive closure of X = {b} is A.

(b) If N denotes the set of nonnegative integers and + is addition
(of integers), show that there is some function h : X → N which
does not have any homomorphic extension to A (a function g is a
homomorphic extension of h if g(b) = h(b) and g(x * y) = g(x) + g(y),
for all x, y ∈ A).

2.3.2. Find an infinite set that is the inductive closure of a finite set, but is
not freely generated.

* 2.3.3. Show that if X⁺ is freely generated by X and F, then X_i^n − X_{i−1}^n ≠
(X_i − X_{i−1})^n. Show that if X⁺ is not freely generated, then X_i^n −
X_{i−1}^n = (X_i − X_{i−1})^n is possible.

* 2.3.4. Recall from Subsection 2.2.6 that T_Σ denotes the set of all finite
Σ-trees over the ranked alphabet Σ. Every function symbol f of
rank n > 0 defines the function f : T_Σ^n → T_Σ as follows: For every
t_1, t_2, ..., t_n ∈ T_Σ, f(t_1, t_2, ..., t_n) is the tree denoted by f t_1 t_2 ... t_n and
whose graph is the set of pairs

$$\{(e, f)\} \cup \bigcup_{i=1}^{n} \{(iu,\ t_i(u)) \mid u \in \mathrm{dom}(t_i)\}.$$

The tree f t_1 ... t_n is the tree with f at the root and t_i as the subtree
at address i.

(a) Prove that T_Σ is freely generated by the set Σ_0 of constant symbols
in Σ and the functions f defined above.

Hint: See the proof of lemma 2.4.2 in the Appendix.

Let A be a set, X a subset of A, F a set of functions on A, and X⁺
the inductive closure of X under F. We define the ranked alphabet
Σ as follows:
Σ_0 = X,
Σ_n = {f | f ∈ F of rank n}.

(b) Prove that the unique homomorphic extension ĥ : T_Σ → X⁺ of
the inclusion function I : X → X⁺ is surjective. We say that a tree
t ∈ T_Σ represents an element x ∈ X⁺ iff ĥ(t) = x.

(c) Prove that X⁺ is freely generated by X and F iff ĥ is a bijection.
Prove that EXPR is freely generated by V ∪ {0, 1} and {H_+, H_*}.

Hint: Use the proof technique of theorem 3.2.1.


Chapter 3 


Propositional Logic 


3.1 Introduction 


Every logic comprises a (formal) language for making statements about ob- 
jects and reasoning about properties of these objects. This view of logic is very 
general and actually we will restrict our attention to mathematical objects, 
programs, and data structures in particular. Statements in a logical language 
are constructed according to a predefined set of formation rules (depending 
on the language) called syntax rules. 


One might ask why a special language is needed at all, and why English 
(or any other natural language) is not adequate for carrying out logical reason- 
ing. The first reason is that English (and any natural language in general) is 
such a rich language that it cannot be formally described. The second reason, 
which is even more serious, is that the meaning of an English sentence can be 
ambiguous, subject to different interpretations depending on the context and 
implicit assumptions. If the object of our study is to carry out precise rigor- 
ous arguments about assertions and proofs, a precise language whose syntax 
can be completely described in a few simple rules and whose semantics can 
be defined unambiguously is required. 


Another important factor is conciseness. Natural languages tend to be 
verbose, and even fairly simple mathematical statements become exceedingly 
long (and unclear) when expressed in them. The logical languages that we 
shall define contain special symbols used for abbreviating syntactical con- 
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structs. 


A logical language can be used in different ways. For instance, a language 
can be used as a deduction system (or proof system); that is, to construct 
proofs or refutations. This use of a logical language is called proof theory. In 
this case, a set of facts called axioms and a set of deduction rules (inference 
rules) are given, and the object is to determine which facts follow from the 
axioms and the rules of inference. When using logic as a proof system, one is 
not concerned with the meaning of the statements that are manipulated, but 
with the arrangement of these statements, and specifically, whether proofs or 
refutations can be constructed. In this sense, statements in the language are 
viewed as cold facts, and the manipulations involved are purely mechanical, to 
the point that they could be carried out by a computer. This does not mean 
that finding a proof for a statement does not require creativity, but that the 
interpretation of the statements is irrelevant. This use of logic is similar to 
game playing. Certain facts and rules are given, and it is assumed that the 
players are perfect, in the sense that they always obey the rules. Occasionally, 
it may happen that following the rules leads to inconsistencies, in which case 
it may be necessary to revise the rules. 


However, the statements expressed in a logical language often have an 
intended meaning. The second use of a formal language is for expressing 
statements that receive a meaning when they are given what is called an in- 
terpretation. In this case, the language of logic is used to formalize properties 
of structures, and determine when a statement is true of a structure. This 
use of a logical language is called model theory. 


One of the interesting aspects of model theory is that it forces us to 
have a precise and rigorous definition of the concept of truth in a structure. 
Depending on the interpretation that one has in mind, truth may have quite 
a different meaning. For instance, whether a statement is true or false may 
depend on parameters. A statement true under all interpretations of the 
parameters is said to be valid. A useful (and quite reasonable) mathematical 
assumption is that the truth of a statement can be obtained from the truth 
(or falsity) of its parts (substatements). From a technical point of view, this 
means that the truth of a statement is defined by recursion on the syntactical 
structure of the statement. The notion of truth that we shall describe (due to 
Tarski) formalizes the above intuition, and is firmly justified in terms of the 
concept of an algebra presented in Section 2.4 and the unique homomorphic 
extension theorem (theorem 2.4.1). 


The two aspects of logic described above are actually not independent, 
and it is the interaction between model theory and proof theory that makes 
logic an interesting and effective tool. One might say that model theory and 
proof theory form a couple in which the individuals complement each other. 
To illustrate this point, consider the problem of finding a procedure for listing 
all statements true in a certain class of structures. It may be that checking 
the truth of a statement requires an infinite computation. Yet, if the class of 
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structures can be axiomatized by a finite set of axioms, we might be able to 
find a proof procedure that will give us the answer. 


Conversely, suppose that we have a set of axioms and we wish to know 
whether the resulting theory (the set of consequences) is consistent, in the 
sense that no statement and its negation follow from the axioms. If one 
discovers a structure in which it can be shown that the axioms and their con- 
sequences are true, one will know that the theory is consistent, since otherwise 
some statement and its negation would be true (in this structure). 


To summarize, a logical language has a certain syntax, and the meaning, 
or semantics, of statements expressed in this language is given by an interpre- 
tation in a structure. Given a logical language and its semantics, one usually 
has one or more proof systems for this logical system. 


A proof system is acceptable only if every provable formula is indeed 
valid. In this case, we say that the proof system is sound. Then, one tries to 
prove that the proof system is complete. A proof system is complete if every 
valid formula is provable. Depending on the complexity of the semantics of a 
given logic, it is not always possible to find a complete proof system for that 
logic. This is the case, for instance, for second-order logic. However, there 
are complete proof systems for propositional logic and first-order logic. In the 
first-order case, this only means that a procedure can be found such that, if the 
input formula is valid, the procedure will halt and produce a proof. But this 
does not provide a decision procedure for validity. Indeed, as a consequence 
of a theorem of Church, there is no procedure that will halt for every input 
formula and decide whether or not a formula is valid. 


There are many ways of proving the completeness of a proof system. 
Oddly, most proofs establishing completeness only show that if a formula A is 
valid, then there exists a proof of A. However, such arguments do not actually 
yield a method for constructing a proof of A (in the formal system). Only the 
existence of a proof is shown. This is the case in particular for so-called Henkin 
proofs. To illustrate this point in a more colorful fashion, the above situation is 
comparable to going to a restaurant where you are told that excellent dinners 
exist on the menu, but that the inexperienced chef does not know how to 
prepare these dinners. This may be satisfactory for a philosopher, but not for 
a hungry computer scientist! However, there is an approach that does yield a 
procedure for constructing a formal proof of a formula if it is valid. This is the 
approach using Gentzen systems (or tableaux systems). Furthermore, it turns 
out that all of the basic theorems of first-order logic can be obtained using 
this approach. Hence, this author feels that a student (especially a computer 
scientist) has nothing to lose, and in fact will reap extra benefits by learning 
Gentzen systems first. 


Propositional logic is the system of logic with the simplest semantics. 
Yet, many of the concepts and techniques used for studying propositional logic 
generalize to first-order logic. Therefore, it is pedagogically sound to begin by 
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studying propositional logic as a “gentle” introduction to the methods used 
in first-order logic. 


In propositional logic, there are atomic assertions (or atoms, or propo- 
sitional letters) and compound assertions built up from the atoms and the 
logical connectives, and, or, not, implication and equivalence. The atomic 
facts are interpreted as being either true or false. In propositional logic, once 
the atoms in a proposition have received an interpretation, the truth value 
of the proposition can be computed. Technically, this is a consequence of 
the fact that the set of propositions is a freely generated inductive closure. 
Certain propositions are true for all possible interpretations. They are called 
tautologies. Intuitively speaking, a tautology is a universal truth. Hence, 
tautologies play an important role. 


For example, let “John is a teacher,” “John is rich,” and “John is a 
rock singer” be three atomic propositions. Let us abbreviate them as A,B,C. 
Consider the following statements: 


“John is a teacher”; 

It is false that “John is a teacher” and “John is rich”; 

If “John is a rock singer” then “John is rich.” 

We wish to show that the above assumptions imply that 

It is false that “John is a rock singer.” 

This amounts to showing that the (formal) proposition 

(*) (A and not(A and B) and (C implies B)) implies (not C) 


is a tautology. Informally, this can be shown by contradiction. The statement 
(*) is false if the premise (A and not(A and B) and (C implies B)) is true 
and the conclusion (not C) is false. This implies that C is true. Since C is 
true, then, since (C implies B) is assumed to be true, B is true, and since A is 
assumed to be true, (A and B) is true, which is a contradiction, since not(A 
and B) is assumed to be true. 
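The argument above can be mechanized. The following Python code is an added example, not code from the book: it represents propositions as nested tuples, computes the truth value of a proposition from the truth values of its atoms, and decides whether a proposition is a tautology by trying every assignment to its atoms (2^n assignments for n atoms), returning a falsifying assignment when there is one. The truth functions are those of the truth table that Section 3.3 introduces formally; the tuple encoding, the constant name BOT and the letters A, B, C are assumptions of the example.

```python
from itertools import product

BOT = ("bot",)   # the constant "false"

# Truth functions of the connectives on BOOL = {False, True}
# (the truth table of definition 3.3.2, with T = True and F = False).
H = {
    "not":   lambda p: not p,
    "and":   lambda p, q: p and q,
    "or":    lambda p, q: p or q,
    "imp":   lambda p, q: (not p) or q,
    "equiv": lambda p, q: p == q,
}


def atoms(prop):
    """Set of atomic propositions (symbols) occurring in prop."""
    if isinstance(prop, str):
        return {prop}
    if prop == BOT:
        return set()
    return set().union(*(atoms(sub) for sub in prop[1:]))


def truth_value(prop, v):
    """Truth value of prop once its atoms have received the values in v.
    The recursion is well defined because propositions are freely generated:
    a compound proposition has exactly one connective at the top."""
    if isinstance(prop, str):
        return v[prop]
    if prop == BOT:
        return False
    connective, *parts = prop
    return H[connective](*(truth_value(p, v) for p in parts))


def countermodel(prop):
    """A valuation making prop false, or None when prop is a tautology."""
    names = sorted(atoms(prop))
    for bits in product((False, True), repeat=len(names)):
        v = dict(zip(names, bits))
        if not truth_value(prop, v):
            return v
    return None


def is_tautology(prop):
    return countermodel(prop) is None


# The proposition (*) about John: A = "John is a teacher", B = "John is rich",
# C = "John is a rock singer".
JOHN = ("imp",
        ("and", ("and", "A", ("not", ("and", "A", "B"))), ("imp", "C", "B")),
        ("not", "C"))

# A tempting but invalid inference, (C implies B) implies (B implies C):
# the search finds the assignment that refutes it.
CONVERSE = ("imp", ("imp", "C", "B"), ("imp", "B", "C"))

if __name__ == "__main__":
    print(is_tautology(JOHN))        # True: no assignment falsifies (*)
    print(countermodel(CONVERSE))    # {'B': True, 'C': False}
```

The exhaustive search is exactly the informal "is there an interpretation making the premise true and the conclusion false?" question asked above, and it is complete for propositional logic because there are finitely many interpretations of finitely many atoms.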


Of course, we have assumed that the reader is familiar with the semantics 
and the rules of propositional logic, which is probably not the case. In this 
chapter, such matters will be explained in detail. 


3.2 Syntax of Propositional Logic 
The syntax of propositional logic is described in this section. This presentation
will use the concept of an inductive closure explained in Section 2.3, and the
reader is encouraged to review it.
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3.2.1 The Language of Propositional Logic 


Propositional formulae (or propositions) are strings of symbols from a count- 
able alphabet defined below, and formed according to certain rules stated in 
definition 3.2.2. 


Definition 3.2.1 (The alphabet for propositional formulae) This alphabet
consists of:

(1) A countable set PS of proposition symbols: P_0, P_1, P_2, ...;

(2) The logical connectives: ∧ (and), ∨ (or), ⊃ (implication), ¬ (not),
and sometimes ≡ (equivalence) and the constant ⊥ (false);

(3) Auxiliary symbols: "(" (left parenthesis), ")" (right parenthesis).


The set PROP of propositional formulae (or propositions) is defined as 
the inductive closure (as in Section 2.3) of a certain subset of the alphabet of 
definition 3.2.1 under certain operations defined below. 


Definition 3.2.2 Propositional formulae. The set PROP of propositional
formulae (or propositions) is the inductive closure of the set PS ∪ {⊥} under
the functions C_¬, C_∧, C_∨, C_⊃ and C_≡, defined as follows: For any two strings
A, B over the alphabet of definition 3.2.1,

C_¬(A) = ¬A,
C_∧(A, B) = (A ∧ B),
C_∨(A, B) = (A ∨ B),
C_⊃(A, B) = (A ⊃ B) and
C_≡(A, B) = (A ≡ B).


The above definition is the official definition of PROP as an inductive 
closure, but is a bit formal. For that reason, it is often stated less formally as 
follows: 


The set PROP of propositions is the smallest set of strings over the
alphabet of definition 3.2.1, such that:

(1) Every proposition symbol P_i is in PROP and ⊥ is in PROP;

(2) Whenever A is in PROP, ¬A is also in PROP;

(3) Whenever A, B are in PROP, (A ∨ B), (A ∧ B), (A ⊃ B) and
(A ≡ B) are also in PROP.

(4) A string is in PROP only if it is formed by applying the rules
(1), (2), (3).


The official inductive definition of PROP will be the one used in proofs. 
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3.2.2 Free Generation of PROP 


The purpose of the parentheses is to ensure unique readability; that is, to 
ensure that PROP is freely generated on PS. This is crucial in order to give 
a proper definition of the semantics of propositions. Indeed, the meaning of a 
proposition will be given by a function defined recursively over the set PROP, 
and from theorem 2.4.1 (in the Appendix), we know that such a function exists 
and is unique when an inductive closure is freely generated. 


There are other ways of defining the syntax in which parentheses are un- 
necessary, for example the prefix (or postfix) notation, which will be discussed 
later. 


It is necessary for clarity and to avoid contradictions to distinguish be- 
tween the formal language that is the object of our study (the set PROP of 
propositions), and the (informal) language used to talk about the object of 
study. The first language is usually called the object language and the second, 
the meta-language. It is often tedious to maintain a clear notational distinc- 
tion between the two languages, since this requires the use of a formidable 
number of symbols. However, one should always keep in mind this distinction 
to avoid confusion (and mistakes !). 


For example, the symbols P, Q, R, ... will usually range over proposi- 
tional symbols, and the symbols A, B, C, ... over propositions. Such symbols 
are called meta-variables. 


Let us give a few examples of propositions: 


EXAMPLE 3.2.1

The following strings are propositions.

P_1, P_2, (P_1 ∨ P_2),
(P_1 ⊃ (P_2 ⊃ (¬P_1 ∨ P_2))), (P_1 ≡ (P_2 ⊃ ⊥)),
(((P_1 ⊃ P_2) ∧ P_2) ⊃ ¬P_1), (P_1 ∨ ¬P_1).

On the other hand, strings such as

(Q), or (P_1 ∨ P_2)∧

are not propositions, because they cannot be constructed from PS and
⊥ and the logical connectives.


Since PROP is inductively defined on PS, the induction principle (of
Section 2.3) applies. We are now going to use this induction principle to show
that PROP is freely generated by the propositional symbols (and ⊥) and the
logical connectives.
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Lemma 3.2.1 (i) Every proposition in PROP has the same number of left 
and right parentheses. 


ii) Any proper prefix of a proposition is either the empty string, a 
nonempty) string of negation symbols, or it contains an excess of left paren- 
pty g & y 
theses. 


(iii) No proper prefix of a proposition can be a proposition. 


Proof: (i) Let S be the set of propositions in PROP having an equal 
number of left and right parentheses. We show that S is inductive on the set 
of propositional symbols and L. By the induction principle, this will show 
that S = PROP, as desired. It is obvious that S contains the propositional 
symbols (no parentheses) and L. It is also obvious that the rules in definition 
3.2.2 introduce matching parentheses and so, preserve the above property. 
This concludes the first part of the proof. 


(ii) Let S$ be the set of propositions in PROP such that any proper prefix 
is either the empty string, a string of negations, or contains an excess of left 
parentheses. We also prove that S$ is inductive on the set of propositional 
symbols and L. First, it is obvious that every propositional symbol is in 
S, as well as L. Let us verify that S is closed under C,, leaving the other 
cases as an exercise. Let A and B be in S. The nonempty proper prefixes of 
Cy(A, B) = (AA B) are: 


( 

(C where C is a proper prefix of A 

(A 

(AA 

(AAC where C' is a proper prefix of B 
(AAB 


Applying the induction hypothesis that A and B are in S, we obtain the 
desired conclusion. 


Clause (iii) of the lemma follows from the two previous properties. If a 
proper prefix of a proposition is a proposition, then by (i), it has the same 
number of left and right parentheses. If a proper prefix has no parentheses, it 
is either the empty string or a string of negations, but neither is a proposition. 
If it has parentheses, by property (ii), it has an excess of left parentheses, a 
contradiction. 


The above lemma allows us to show the theorem: 


Theorem 3.2.1 The set PROP of propositions is freely generated by the
propositional symbols in PS, ⊥, and the logical connectives.

Proof: First, we show that the restrictions of the functions C_¬, C_∧, C_∨,
C_⊃ and C_≡ to PROP are injective. This is obvious for C_¬ and we only check
this for C_∧, leaving the other cases as an exercise. If (A ∧ B) = (C ∧ D),
then A ∧ B) = C ∧ D). Either A = C, or A is a proper prefix of C, or C is
a proper prefix of A. But the last two cases are impossible by lemma 3.2.1.
Then ∧ B) = ∧ D), which implies B = D.

Next, we have to show that the ranges of the restrictions of the above
functions to PROP are disjoint. We only discuss one case, leaving the others
as an exercise. For example, if (A ∧ B) = (C ⊃ D), then A ∧ B) = C ⊃ D).
By the same reasoning as above, we must have A = C. But then, we must
have ∧ = ⊃, which is impossible. Finally, since all the functions yield a string
of length greater than that of its arguments, all the conditions for being freely
generated are met.


The above result allows us to define functions over PROP recursively.
Every function with domain PROP defined by recursion on the connectives is
uniquely determined by its restriction to the set PS of propositional symbols
and to ⊥. We are going to use this fact in defining the semantics of propositional
logic. As an illustration of theorem 3.2.1, we give a recursive definition of the
set of propositional letters occurring in a proposition.

EXAMPLE 3.2.2

The function symbols : PROP → 2^PS is defined recursively as follows:

symbols(⊥) = ∅,
symbols(P_i) = {P_i},
symbols((B ∗ C)) = symbols(B) ∪ symbols(C), for ∗ ∈ {∧, ∨, ⊃, ≡},
symbols(¬A) = symbols(A).

For example,

symbols((((P_1 ⊃ P_2) ∨ ¬P_3) ∧ P_1)) = {P_1, P_2, P_3}.
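The following Python parser is an added example (not code from the book) of what unique readability buys in practice: it reads the official syntax of definition 3.2.2 in a single left-to-right pass and, because no proper prefix of a proposition is a proposition (lemma 3.2.1 (iii)), it never has to backtrack or guess where a subproposition ends; the tree it returns is the only decomposition theorem 3.2.1 allows. The encoding of proposition symbols as P followed by decimal digits (P1, P2, ...) and the tuple representation of the result are assumptions of the example; symbols and depth are the functions of example 3.2.2 and problem 3.2.1 computed on the parsed tree.

```python
import re

CONNECTIVES = {"∧": "and", "∨": "or", "⊃": "imp", "≡": "equiv"}
INFIX = {name: sym for sym, name in CONNECTIVES.items()}
SYMBOL = re.compile(r"P\d+")     # encoding of P_1, P_2, ... (assumption)
BOT = ("bot",)


class NotAProposition(ValueError):
    pass


def _read(s, i):
    """Read the unique proposition starting at s[i]; return (tree, end).
    By lemma 3.2.1 (iii) at most one prefix of s[i:] is a proposition,
    so the first complete reading is the only one."""
    if i >= len(s):
        raise NotAProposition("unexpected end of string")
    c = s[i]
    if c == "⊥":
        return BOT, i + 1
    if c == "¬":
        sub, j = _read(s, i + 1)
        return ("not", sub), j
    if c == "(":                              # (A op B): the only rule with "("
        left, j = _read(s, i + 1)
        if j >= len(s) or s[j] not in CONNECTIVES:
            raise NotAProposition(f"binary connective expected at position {j}")
        right, k = _read(s, j + 1)
        if k >= len(s) or s[k] != ")":
            raise NotAProposition(f"')' expected at position {k}")
        return (CONNECTIVES[s[j]], left, right), k + 1
    m = SYMBOL.match(s, i)
    if m:
        return m.group(), m.end()
    raise NotAProposition(f"unexpected symbol {c!r} at position {i}")


def parse(s):
    """Tree of the proposition s; raises NotAProposition if s is not in PROP."""
    tree, end = _read(s, 0)
    if end != len(s):                         # a proposition followed by junk
        raise NotAProposition(f"trailing symbols at position {end}: {s[end:]!r}")
    return tree


def is_proposition(s):
    try:
        parse(s)
        return True
    except NotAProposition:
        return False


def unparse(t):
    """Inverse of parse: the string denoted by a tree."""
    if isinstance(t, str):
        return t
    if t == BOT:
        return "⊥"
    if t[0] == "not":
        return "¬" + unparse(t[1])
    return "(" + unparse(t[1]) + INFIX[t[0]] + unparse(t[2]) + ")"


def symbols(t):
    """symbols of example 3.2.2, computed on the tree."""
    if isinstance(t, str):
        return {t}
    if t == BOT:
        return set()
    return set().union(*map(symbols, t[1:]))


def depth(t):
    """d(A) of problem 3.2.1."""
    if isinstance(t, str) or t == BOT:
        return 0
    return 1 + max(map(depth, t[1:]))


if __name__ == "__main__":
    s = "(((P1⊃P2)∨¬P3)∧P1)"
    t = parse(s)
    print(t, symbols(t), depth(t), unparse(t) == s)
    for bad in ["(Q)", "(P1∨P2)∧", "P1P2", "¬"]:
        print(bad, is_proposition(bad))
```

The two rejected strings of example 3.2.1 fail for the two reasons the lemma distinguishes: "(Q)" has no binary connective after its first subproposition, and "(P1∨P2)∧" is a proposition followed by leftover symbols. A parser for a less careful syntax (one where a proper prefix could itself be a proposition) would have to try several splittings, which is exactly the ambiguity the parentheses rule out.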


In order to minimize the number of parentheses, a precedence is assigned
to the logical connectives and it is assumed that they are left associative.
Starting from highest to lowest precedence we have:

¬, ∧, ∨, ⊃, ≡.

EXAMPLE 3.2.3

A ∧ B ⊃ C is an abbreviation for ((A ∧ B) ⊃ C),
A ∨ B ∧ C an abbreviation for (A ∨ (B ∧ C)), and
A ∨ B ∨ C is an abbreviation for ((A ∨ B) ∨ C).
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Parentheses can be used to disambiguate expressions. These conventions 
are consistent with the semantics of the propositional calculus, as we shall see 
in Section 3.3. 


Another way of avoiding parentheses is to use the prefix notation. In
prefix notation, (A ∨ B) becomes ∨AB, (A ∧ B) becomes ∧AB, (A ⊃ B)
becomes ⊃AB and (A ≡ B) becomes ≡AB.


In order to justify the legitimacy of the prefix notation, that is, to show 
that the set of propositions in prefix notation is freely generated, we have to 
show that every proposition can be written in a unique way. We shall come 
back to this when we consider terms in first-order logic. 


PROBLEMS 


3.2.1. Let PROP be the set of all propositions over the set PS of proposi-
tional symbols. The depth d(A) of a proposition A is defined recur-
sively as follows:

d(⊥) = 0,
d(P) = 0, for each symbol P ∈ PS,
d(¬A) = 1 + d(A),
d(A ∨ B) = 1 + max(d(A), d(B)),
d(A ∧ B) = 1 + max(d(A), d(B)),
d(A ⊃ B) = 1 + max(d(A), d(B)),
d(A ≡ B) = 1 + max(d(A), d(B)).

If PS_i is the i-th stage of the inductive definition of PROP = (PS ∪
{⊥})⁺ (as in Section 2.3), show that PS_i consists exactly of all propo-
sitions of depth less than or equal to i.


3.2.2. Which of the following are propositions? Justify your answer.

¬P_1
∧P_1 ∨ ¬P_2
¬(P_1 ∨ P_2)
(¬P_1 ⊃ ¬P_2)
¬(P_1 ∨ (P_2 ∧ (P_3 ∨ P_4) ∧ (P_1 ∧ (P_3 ∧ ¬P_1) ∨ (P_4 ∨ P_1)))

(Hint: Use problem 3.2.1, lemma 3.2.1.)


3.2.3. Finish the proof of the cases in lemma 3.2.1. 
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3.2.4. The function sub: PROP — 2P®°P which assigns to any proposition 
A the set sub(A) of all its subpropositions is defined recursively as 


follows: 
sub(L) = {1}, 
sub(P;) = {P;}, for a propositional symbol P;,, 
sub(4A) = sub(A) U {7A}, 

sub((A V B)) = sub(A) U sub(B)U {(AV B)}, 
sub((A A B)) = sub(A) U sub(B)U {(AA B)}, 
sub((A D B)) = sub(A) U sub(B) U {(A D B)}, 
sub((A = B)) = sub(A) U sub(B) U {(A = B)}. 


Prove that if a proposition A has n connectives, then sub(A) contains 
at most 2n + 1 propositions. 


3.2.5. Give an example of propositions A and B and of strings u and v such
that (A ∨ B) = (u ∨ v), but u ≠ A and v ≠ B. Similarly give an
example such that (A ∨ B) = (u ∧ v), but u ≠ A and v ≠ B.


* 3.2.6. The set of propositions can be defined by a context-free grammar,
provided that the propositional symbols are encoded as strings over a
finite alphabet. Following Lewis and Papadimitriou, 1981, the symbol
P_i (i ≥ 0) will be encoded as PI...I$, with a number of I's equal
to i. Then, PROP is the language L(G) defined by the following
context-free grammar G = (V, Σ, R, S):

Σ = {P, I, $, ∧, ∨, ⊃, ≡, ¬, (, ), ⊥},   V = Σ ∪ {S, N},

R = {N → ε,
     N → NI,
     S → PN$,
     S → ⊥,
     S → (S ∨ S),
     S → (S ∧ S),
     S → (S ⊃ S),
     S → (S ≡ S),
     S → ¬S}.

Prove that the grammar G is unambiguous.

Note: The above language is actually SLR(1). For details on parsing
techniques, consult Aho and Ullman, 1977.


3.2.7. The set of propositions in prefix notation is the inductive closure of
PS ∪ {⊥} under the following functions:

For all strings A, B over the alphabet of definition 3.2.1, excluding
parentheses,

C_∧(A, B) = ∧AB,
C_∨(A, B) = ∨AB,
C_⊃(A, B) = ⊃AB,
C_≡(A, B) = ≡AB,
C_¬(A) = ¬A.

In order to prove that the set of propositions in prefix notation is
freely generated, we define the function K as follows:

K(∧) = −1, K(∨) = −1, K(⊃) = −1, K(≡) = −1, K(¬) = 0,
K(⊥) = 1, K(P_i) = 1, for every propositional symbol P_i.

The function K is extended to strings as follows: For every string
w_1...w_k (over the alphabet of definition 3.2.1, excluding parentheses),
K(w_1...w_k) = K(w_1) + ... + K(w_k).

(i) Prove that for any proposition A, K(A) = 1.
(ii) Prove that for any proper prefix w of a proposition, K(w) ≤ 0.
(iii) Prove that no proper prefix of a proposition is a proposition.

(iv) Prove that the set of propositions in prefix notation is freely
generated.

3.2.8. Suppose that we modify definition 3.2.2 by omitting all right paren-
theses. Thus, instead of

((P ∧ ¬Q) ⊃ (R ∨ S)),

we have

((P ∧ ¬Q ⊃ (R ∨ S.

Formally, we define the functions:

C_∧(A, B) = (A ∧ B,
C_∨(A, B) = (A ∨ B,
C_⊃(A, B) = (A ⊃ B,
C_≡(A, B) = (A ≡ B,
C_¬(A) = ¬A.

Prove that the set of propositions defined in this fashion is still freely
generated.
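An added example, not from the book, for the weight function K of problem 3.2.7: K is computed over strings in prefix notation, properties (i) and (ii) are turned into a one-pass recognizer (K(w) = 1 and no proper prefix has K > 0), and the same running sum gives a reader that locates the end of each argument of a connective as the shortest prefix whose K reaches 1, which is why no guessing is needed and the reading is unique (iv). Properties (i) and (ii) guarantee that every proposition is accepted; that nothing else is accepted is a standard fact about Polish notation which the problem does not ask for. The P1, P2, ... encoding of symbols and the tuple representation of trees are assumptions of the example.

```python
import re

TOKEN = re.compile(r"P\d+|.")       # P1, P2, ... encoding is an assumption
WEIGHT = {"∧": -1, "∨": -1, "⊃": -1, "≡": -1, "¬": 0, "⊥": 1}
NAME = {"∧": "and", "∨": "or", "⊃": "imp", "≡": "equiv"}
SYMBOL_OF = {name: sym for sym, name in NAME.items()}
BOT = ("bot",)


def tokens(w):
    """Split w into symbols of the alphabet, rejecting anything else."""
    toks = TOKEN.findall(w)
    for t in toks:
        if t not in WEIGHT and not re.fullmatch(r"P\d+", t):
            raise ValueError(f"{t!r} is not a symbol of the alphabet")
    return toks


def weight(tok):
    return WEIGHT.get(tok, 1)        # proposition symbols have K = 1


def K(w):
    """K extended to strings: the sum of the weights of the symbols of w."""
    return sum(weight(t) for t in tokens(w))


def prefix_values(w):
    """K(u) for every proper prefix u of w, the empty prefix first."""
    values, running = [], 0
    for t in tokens(w):
        values.append(running)
        running += weight(t)
    return values


def is_prefix_proposition(w):
    """K(w) = 1 and K(u) <= 0 for every proper prefix u of w."""
    toks = tokens(w)
    return bool(toks) and all(v <= 0 for v in prefix_values(w)) and K(w) == 1


def _end(toks, i):
    """Index just past the proposition starting at toks[i]: the first point
    where the running K reaches 1 (by (ii) it stays <= 0 before that)."""
    running = 0
    for j in range(i, len(toks)):
        running += weight(toks[j])
        if running == 1:
            return j + 1
    raise ValueError("incomplete proposition")


def _tree(toks, i):
    t = toks[i]
    if t == "⊥":
        return BOT
    if t == "¬":
        return ("not", _tree(toks, i + 1))
    if t in NAME:
        mid = _end(toks, i + 1)              # where the first argument stops
        return (NAME[t], _tree(toks, i + 1), _tree(toks, mid))
    return t                                 # a proposition symbol


def parse_prefix(w):
    if not is_prefix_proposition(w):
        raise ValueError(f"{w!r} is not a proposition in prefix notation")
    return _tree(tokens(w), 0)


def to_prefix(t):
    """Inverse of parse_prefix."""
    if isinstance(t, str):
        return t
    if t == BOT:
        return "⊥"
    if t[0] == "not":
        return "¬" + to_prefix(t[1])
    return SYMBOL_OF[t[0]] + to_prefix(t[1]) + to_prefix(t[2])


if __name__ == "__main__":
    w = "∧⊃P1P2¬P3"                          # ((P1 ⊃ P2) ∧ ¬P3) in prefix form
    print(K(w), prefix_values(w))            # 1 [0, -1, -2, -1, 0, 0]
    print(parse_prefix(w))                   # ('and', ('imp', 'P1', 'P2'), ('not', 'P3'))
    print(is_prefix_proposition("∧P1"), is_prefix_proposition("P1P2"))   # False False
```

The recognizer is linear in the length of the string and keeps a single integer of state, which is the practical payoff of the K argument over the parenthesized syntax: a prefix that is one symbol short ("∧P1", K = 0) and a string with a proposition as a proper prefix ("P1P2", the prefix "P1" already has K = 1) are both rejected by the same scan.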
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3.3 Semantics of Propositional Logic 


In this section, we present the semantics of propositional logic and define the 
concepts of satisfiability and tautology. 


3.3.1 The Semantics of Propositions 

The semantics of the propositional calculus assigns a truth function to each 
proposition in PROP. First, it is necessary to define the meaning of the 
logical connectives. We first define the domain BOOL of truth values. 


Definition 3.3.1 The set of truth values is the set BOOL = {T,F}. It is 
assumed that BOOL is (totally) ordered with F < T. 


Each logical connective $X$ is interpreted as a function $H_X$ with range 
BOOL. The logical connectives are interpreted as follows. 


Definition 3.3.2 The graphs of the logical connectives are represented by 
the following table: 


$P$ | $Q$ | $H_\neg(P)$ | $H_\wedge(P,Q)$ | $H_\vee(P,Q)$ | $H_\supset(P,Q)$ | $H_\equiv(P,Q)$ 
T | T | F | T | T | T | T 
T | F | F | F | T | F | F 
F | T | T | F | T | T | F 
F | F | T | F | F | T | T 


The logical constant $\bot$ is interpreted as F. 


The above table is what is called a truth table. We have introduced the 
function $H_X$ to distinguish between the symbol $X$ and its meaning $H_X$. This 
is a heavy notational burden, but it is essential to distinguish between syntax 
and semantics, until the reader is familiar enough with these concepts. Later 
on, when the reader has assimilated these concepts, we will often use $X$ for 
$H_X$ to simplify the notation. 


We now define the semantics of formulae in PROP. 


Definition 3.3.3 A truth assignment or valuation is a function $v : PS \to$ 
BOOL assigning a truth value to all the propositional symbols. From theorem 
2.4.1 (in the Appendix), since PROP is freely generated by PS, every 
valuation $v$ extends to a unique function $\widehat{v} : PROP \to BOOL$ satisfying the 
following clauses for all $A, B \in PROP$: 
$\widehat{v}(\bot) = F,$ 
$\widehat{v}(P) = v(P)$, for all $P \in PS$, 
$\widehat{v}(\neg A) = H_\neg(\widehat{v}(A)),$ 
$\widehat{v}((A \wedge B)) = H_\wedge(\widehat{v}(A), \widehat{v}(B)),$ 
$\widehat{v}((A \vee B)) = H_\vee(\widehat{v}(A), \widehat{v}(B)),$ 
$\widehat{v}((A \supset B)) = H_\supset(\widehat{v}(A), \widehat{v}(B)),$ 
$\widehat{v}((A \equiv B)) = H_\equiv(\widehat{v}(A), \widehat{v}(B)).$ 


In the above definition, the truth value $\widehat{v}(A)$ of a proposition $A$ is defined 
for a truth assignment $v$ assigning truth values to all propositional symbols, 
including infinitely many symbols not occurring in $A$. However, for any formula 
$A$ and any valuation $v$, the value $\widehat{v}(A)$ only depends on the propositional 
symbols actually occurring in $A$. This is justified by the following lemma. 


Lemma 3.3.1 For any proposition $A$, for any two valuations $v$ and $v'$ such 
that $v(P) = v'(P)$ for all proposition symbols occurring in $A$, $\widehat{v}(A) = \widehat{v}'(A)$. 


Proof: We proceed by induction. The lemma is obvious for $\bot$, since $\bot$ 
does not contain any propositional symbols. If $A$ is the propositional symbol 
$P_i$, since $v(P_i) = v'(P_i)$, $\widehat{v}(P_i) = v(P_i)$, and $\widehat{v}'(P_i) = v'(P_i)$, the lemma holds 
for propositional symbols. 


If $A$ is of the form $\neg B$, since the propositional symbols occurring in $B$ 
are the propositional symbols occurring in $A$, by the induction hypothesis, 
$\widehat{v}(B) = \widehat{v}'(B)$. Since 


$\widehat{v}(A) = H_\neg(\widehat{v}(B))$ and $\widehat{v}'(A) = H_\neg(\widehat{v}'(B)),$ 


we have 


$\widehat{v}(A) = \widehat{v}'(A).$ 


If $A$ is of the form $(B * C)$, for a connective $* \in \{\vee, \wedge, \supset, \equiv\}$, since the 
sets of propositional letters occurring in $B$ and $C$ are subsets of the set of 
propositional letters occurring in $A$, the induction hypothesis applies to $B$ 
and $C$. Hence, 

$\widehat{v}(B) = \widehat{v}'(B)$ and $\widehat{v}(C) = \widehat{v}'(C).$ 


But 
$\widehat{v}(A) = H_*(\widehat{v}(B), \widehat{v}(C)) = H_*(\widehat{v}'(B), \widehat{v}'(C)) = \widehat{v}'(A),$ 


showing that 
$\widehat{v}(A) = \widehat{v}'(A).$ 


Using lemma 3.3.1, we observe that given a proposition $A$ containing the 
set of propositional symbols $\{P_1, \ldots, P_n\}$, its truth value for any assignment $v$ 
can be computed recursively and only depends on the values $v(P_1), \ldots, v(P_n)$. 

EXAMPLE 3.3.1 


Let 


$A = ((P \supset Q) \equiv (\neg Q \supset \neg P)).$ 


Let $v$ be a truth assignment whose restriction to $\{P, Q\}$ is $v(P) = T$, 
$v(Q) = F$. According to definition 3.3.3, 


In turn, 


Since 


we have 


We also have 


Hence, 


Finally, 


The above recursive computation can be conveniently described by a 
truth table as follows: 


$P$ | $Q$ | $\neg P$ | $\neg Q$ | $(P \supset Q)$ | $(\neg Q \supset \neg P)$ | $((P \supset Q) \equiv (\neg Q \supset \neg P))$ 
T | F | F | T | F | F | T 


If $\widehat{v}(A) = T$ for a valuation $v$ and a proposition $A$, we say that $v$ satisfies 
$A$, and this is denoted by $v \models A$. If $v$ does not satisfy $A$, we say that $v$ falsifies 
$A$, and this is denoted by, not $v \models A$, or $v \not\models A$. 


An expression such as $v \models A$ (or $v \not\models A$) is merely a notation used in 
the meta-language to express concisely statements about satisfaction. The 
reader should be well aware that such a notation is not a proposition in the 
object language, and should be used with care. An illustration of the danger 
of mixing the meta-language and the object language is given by the definition 
(often found in texts) of the notion of satisfaction in terms of the notation 
$v \models A$. Using this notation, the recursive clauses of the definition of $\widehat{v}$ can be 
stated informally as follows: 


$v \not\models \bot$, 
$v \models P_i$ iff $v(P_i) = T$, 
$v \models \neg A$ iff $v \not\models A$, 
$v \models A \wedge B$ iff $v \models A$ and $v \models B$, 
$v \models A \vee B$ iff $v \models A$ or $v \models B$, 
$v \models A \supset B$ iff $v \not\models A$ or $v \models B$, 
$v \models A \equiv B$ iff ($v \models A$ iff $v \models B$). 


The above definition is not really satisfactory because it mixes the object 
language and the meta-language too much. In particular, the meaning of 
the words not, or, and and iff is ambiguous. What is worse is that the 
legitimacy of the recursive definition of "$\models$" is far from being clear. However, 
the definition of $\models$ using the recursive definition of $\widehat{v}$ is rigorously justified by 
theorem 2.4.1 (in the Appendix). 


An important subset of PROP is the set of all propositions that are 
true in all valuations. These propositions are called tautologies. 


3.3.2 Satisfiability, Unsatisfiability, Tautologies 
First, we define the concept of a tautology. 


Definition 3.3.4 A proposition $A$ is valid iff $\widehat{v}(A) = T$ for all valuations $v$. 
This is abbreviated as $\models A$, and $A$ is also called a tautology. 


A proposition is satisfiable if there is a valuation (or truth assignment) 
$v$ such that $\widehat{v}(A) = T$. A proposition is unsatisfiable if it is not satisfied by 
any valuation. 


Given a set of propositions $\Gamma$, we say that $A$ is a semantic consequence 
of $\Gamma$, denoted by $\Gamma \models A$, if for all valuations $v$, $\widehat{v}(B) = T$ for all $B$ in $\Gamma$ implies 
that $\widehat{v}(A) = T$. 


The problem of determining whether any arbitrary proposition is satis- 
fiable is called the satisfiability problem. The problem of determining whether 
any arbitrary proposition is a tautology is called the tautology problem. 


EXAMPLE 3.3.2 


The following propositions are tautologies: 


$A \supset A,$ 
$\neg\neg A \supset A,$ 
$(P \supset Q) \equiv (\neg Q \supset \neg P).$ 
The proposition 
$(P \vee Q) \wedge (\neg P \vee \neg Q)$ 
is satisfied by the assignment $v(P) = F$, $v(Q) = T$. 


The proposition 
$(\neg P \vee Q) \wedge (\neg P \vee \neg Q) \wedge P$ 


is unsatisfiable. The following are valid consequences. 
$A, (A \supset B) \models B,$ 


$A, B \models (A \wedge B),$ 
$(A \supset B), \neg B \models \neg A.$ 


Note that $P \supset Q$ is false if and only if both $P$ is true and $Q$ is false. In 
particular, observe that $P \supset Q$ is true when $P$ is false. 


The relationship between satisfiability and being a tautology is recorded 
in the following useful lemma. 


Lemma 3.3.2 A proposition $A$ is a tautology if and only if $\neg A$ is unsatisfi- 
able. 


Proof: Assume that $A$ is a tautology. Hence, for all valuations $v$, 
$\widehat{v}(A) = T.$ 
Since 


$\widehat{v}(\neg A) = H_\neg(\widehat{v}(A)),$ 
$\widehat{v}(A) = T$ if and only if $\widehat{v}(\neg A) = F$. 


This shows that for all valuations $v$, 

$\widehat{v}(\neg A) = F,$ 
which is the definition of unsatisfiability. Conversely, if $\neg A$ is unsatisfiable, 
for all valuations $v$, 

$\widehat{v}(\neg A) = F.$ 


By the above reasoning, for all $v$, 


$\widehat{v}(A) = T,$ 


which is the definition of being a tautology. 
The above lemma suggests two different approaches for proving that 
a proposition is a tautology. In the first approach, one attempts to show 
directly that $A$ is a tautology. The method in Section 3.4 using Gentzen 
systems illustrates the first approach (although $A$ is proved to be a tautology 
if the attempt to falsify $A$ fails). In the second approach, one attempts to 
show indirectly that $A$ is a tautology, by showing that $\neg A$ is unsatisfiable. 
The method in Chapter 4 using resolution illustrates the second approach. 


As we saw in example 3.3.1, the recursive definition of the unique extension 
$\widehat{v}$ of a valuation $v$ suggests an algorithm for computing the truth value 
$\widehat{v}(A)$ of a proposition $A$. The algorithm consists in computing recursively the 
truth tables of the parts of $A$. This is known as the truth table method. 


The truth table method clearly provides an algorithm for testing whether 
a formula is a tautology: If $A$ contains $n$ propositional letters, one constructs 
a truth table in which the truth value of $A$ is computed for all valuations 
depending on $n$ arguments. Since there are $2^n$ such valuations, the size of 
this truth table is at least $2^n$. It is also clear that there is an algorithm for 
deciding whether a proposition is satisfiable: Try out all possible valuations 
($2^n$) and compute the corresponding truth table. 


EXAMPLE 3.3.3 


Let us compute the truth table for the proposition $A = ((P \supset Q) \equiv$ 
$(\neg Q \supset \neg P))$. 


$P$ | $Q$ | $\neg P$ | $\neg Q$ | $(P \supset Q)$ | $(\neg Q \supset \neg P)$ | $((P \supset Q) \equiv (\neg Q \supset \neg P))$ 
F | F | T | T | T | T | T 
F | T | T | F | T | T | T 
T | F | F | T | F | F | T 
T | T | F | F | T | T | T 


Since the last column contains only the truth value T, the proposition 
A is a tautology. 


The above method for testing whether a proposition is satisfiable or a 
tautology is computationally expensive, in the sense that it takes an exponen- 
tial number of steps. One might ask if it is possible to find a more efficient 
procedure. Unfortunately, the satisfiability problem happens to be what is 
called an NP-complete problem, which implies that there is probably no fast 
algorithm for deciding satisfiability. By a fast algorithm, we mean an algo- 
rithm that runs in a number of steps bounded by p(n), where n is the length 
of the input, and p is a (fixed) polynomial. NP-complete problems and their 
significance will be discussed at the end of this section. 


Is there a better way of testing whether a proposition $A$ is a tautology 
than computing its truth table (which requires computing at least $2^n$ entries, 
where $n$ is the number of proposition symbols occurring in $A$)? One possibility 
is to work backwards, trying to find a truth assignment which makes the 
proposition false. In this way, one may detect failure much earlier. This is 
the essence of Gentzen systems to be discussed shortly. 

As we said at the beginning of Section 3.3, every proposition defines a 
function taking truth values as arguments, and yielding truth values as results. 
The truth function associated with a proposition is defined as follows. 


3.3.3 Truth Functions and Functionally Complete Sets 
of Connectives 


We now show that the logical connectives are not independent. For this, we 


need to define what it means for a proposition to define a truth function. 


Definition 3.3.5 Let $A$ be a formula containing exactly $n$ distinct propo- 
sitional symbols. The function $H_A : BOOL^n \to BOOL$ is defined such that, 
for every $(a_1, \ldots, a_n) \in BOOL^n$, 


$H_A(a_1, \ldots, a_n) = \widehat{v}(A),$ 
with $v$ any valuation such that $v(P_i) = a_i$ for every propositional symbol $P_i$ 
occurring in $A$. 


For simplicity of notation we will often name the function $H_A$ as $A$. $H_A$ 
is a truth function. In general, every function $f : BOOL^n \to BOOL$ is called 
an $n$-ary truth function. 


EXAMPLE 3.3.4 
The proposition 


$A = ((P \wedge \neg Q) \vee (\neg P \wedge Q))$ 
defines the truth function $H_A$ given by the following truth table: 


$P$ | $Q$ | $\neg P$ | $\neg Q$ | $(P \wedge \neg Q)$ | $(\neg P \wedge Q)$ | $((P \wedge \neg Q) \vee (\neg P \wedge Q))$ 
F | F | T | T | F | F | F 
F | T | T | F | F | T | T 
T | F | F | T | T | F | T 
T | T | F | F | F | F | F 


Note that the function $H_A$ takes the value T if and only if its arguments 
have different truth values. For this reason, it is called the exclusive OR 
function. 


It is natural to ask whether every truth function $f$ can be realized by 
some proposition $A$, in the sense that $f = H_A$. This is indeed the case. We say 
that the boolean connectives form a functionally complete set of connectives. 
The significance of this result is that for any truth function $f$ of $n$ arguments, 
we do not enrich the collection of assertions that we can make by adding a 
new symbol to the syntax, say $F$, and interpreting $F$ as $f$. Indeed, since $f$ 
is already definable in terms of $\vee, \wedge, \neg, \supset, \equiv$, every extended proposition 
$A$ containing $F$ can be converted to a proposition $A'$ in which $F$ does not 
occur, such that for every valuation $v$, $\widehat{v}(A) = \widehat{v}(A')$. Hence, there is no 
loss of generality in restricting our attention to the connectives that we have 
introduced. In fact, we shall prove that each of the sets $\{\vee, \neg\}$, $\{\wedge, \neg\}$, $\{\supset, \neg\}$ 
and $\{\supset, \bot\}$ is functionally complete. 


First, we prove the following two lemmas. 


Lemma 3.3.3 Let $A$ and $B$ be any two propositions, let $\{P_1, \ldots, P_n\}$ be the 
set of propositional symbols occurring in $(A \equiv B)$, and let $H_A$ and $H_B$ be the 
functions associated with $A$ and $B$, considered as functions of the arguments 
in $\{P_1, \ldots, P_n\}$. The proposition $(A \equiv B)$ is a tautology if and only if for all 
valuations $v$, $\widehat{v}(A) = \widehat{v}(B)$, if and only if $H_A = H_B$. 


Proof: For any valuation $v$, 
$\widehat{v}((A \equiv B)) = H_\equiv(\widehat{v}(A), \widehat{v}(B)).$ 
Consulting the truth table for $H_\equiv$, we see that 


$\widehat{v}((A \equiv B)) = T$ if and only if $\widehat{v}(A) = \widehat{v}(B)$. 


By lemma 3.3.1 and definition 3.3.5, this implies that $H_A = H_B$. 


By constructing truth tables, the propositions listed in lemma 3.3.4 be- 
low can be shown to be tautologies. 


Lemma 3.3.4 The following properties hold: 


$\models (A \equiv B) \equiv ((A \supset B) \wedge (B \supset A));$ (1) 
$\models (A \supset B) \equiv (\neg A \vee B);$ (2) 
$\models (A \vee B) \equiv (\neg A \supset B);$ (3) 
$\models (A \vee B) \equiv \neg(\neg A \wedge \neg B);$ (4) 
$\models (A \wedge B) \equiv \neg(\neg A \vee \neg B);$ (5) 
$\models \neg A \equiv (A \supset \bot);$ (6) 
$\models \bot \equiv (A \wedge \neg A).$ (7) 


Proof: We prove (1), leaving the other cases as an exercise. By lemma 
3.3.3, it is sufficient to verify that the truth tables for $(A \equiv B)$ and $((A \supset$ 
$B) \wedge (B \supset A))$ are identical. 
$A$ | $B$ | $A \supset B$ | $B \supset A$ | $(A \equiv B)$ | $((A \supset B) \wedge (B \supset A))$ 
F | F | T | T | T | T 
F | T | T | F | F | F 
T | F | F | T | F | F 
T | T | T | T | T | T 


Since the columns for $(A \equiv B)$ and $((A \supset B) \wedge (B \supset A))$ are identical, 
(1) is a tautology. 


We now show that $\{\vee, \wedge, \neg\}$ is a functionally complete set of connectives. 
Theorem 3.3.1 For every $n$-ary truth function $f$, there is a proposition $A$ 
only using the connectives $\wedge$, $\vee$ and $\neg$ such that $f = H_A$. 


Proof: We proceed by induction on the arity $n$ of $f$. For $n = 1$, there 
are four truth functions whose truth tables are: 


$P$ | 1 | 2 | 3 | 4 
F | T | F | F | T 
T | T | F | T | F 


Clearly, the propositions $P \vee \neg P$, $P \wedge \neg P$, $P$ and $\neg P$ do the job. Let $f$ 
be of arity $n + 1$ and assume the induction hypothesis for $n$. Let 


$f_1(a_1, \ldots, a_n) = f(a_1, \ldots, a_n, T)$ and 
$f_2(a_1, \ldots, a_n) = f(a_1, \ldots, a_n, F).$ 


Both $f_1$ and $f_2$ are $n$-ary. By the induction hypothesis, there are propositions 
$B$ and $C$ such that 
$f_1 = H_B$ and $f_2 = H_C.$ 


But then, letting $A$ be the formula 


$(P_{n+1} \wedge B) \vee (\neg P_{n+1} \wedge C),$ 


where $P_{n+1}$ occurs neither in $B$ nor $C$, it is easy to see that $f = H_A$. 
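As an added example covering Definition 3.3.3, the truth-table method of Examples 3.3.1 and 3.3.3, Lemma 3.3.2 and the construction in the proof of Theorem 3.3.1 (this is not the book's own code), the Python below represents propositions as nested tuples, computes $\widehat{v}(A)$ by the recursive clauses, decides tautology and satisfiability by enumerating the $2^n$ valuations of the symbols that occur in $A$ (Lemma 3.3.1 says no others matter), and synthesizes from any $n$-ary truth function a proposition over $\{\wedge, \vee, \neg\}$ that realizes it. The tuple representation and all function names are this example's choices, not the book's.

```python
from itertools import product

# Propositions as nested tuples (added example; the representation is this example's
# own choice): "P", "Q", ... are propositional symbols, "⊥" is the constant, and
# ("¬", A), ("∧", A, B), ("∨", A, B), ("⊃", A, B), ("≡", A, B) are the compound forms.

H = {  # H_X for each connective X, read off the truth table of Definition 3.3.2
    "¬": lambda a: not a,
    "∧": lambda a, b: a and b,
    "∨": lambda a, b: a or b,
    "⊃": lambda a, b: (not a) or b,
    "≡": lambda a, b: a == b,
}


def evaluate(A, v):
    """v̂(A): the unique extension of the valuation v (dict symbol -> bool) to A,
    following the clauses of Definition 3.3.3."""
    if A == "⊥":
        return False
    if isinstance(A, str):
        return v[A]
    op, *args = A
    return H[op](*(evaluate(x, v) for x in args))


def symbols(A):
    """Sorted list of the propositional symbols occurring in A."""
    if A == "⊥":
        return []
    if isinstance(A, str):
        return [A]
    return sorted({s for x in A[1:] for s in symbols(x)})


def truth_table(A):
    """The truth-table method: v̂(A) for each of the 2^n valuations of the symbols of A."""
    syms = symbols(A)
    return {vals: evaluate(A, dict(zip(syms, vals)))
            for vals in product([False, True], repeat=len(syms))}


def is_tautology(A):
    return all(truth_table(A).values())


def is_satisfiable(A):
    return any(truth_table(A).values())


def equivalent(A, B):
    """A ≃ B, i.e. ⊨ (A ≡ B), decided by the truth-table method (Lemma 3.3.3)."""
    return is_tautology(("≡", A, B))


def connectives(A):
    """Set of connectives used in A."""
    if isinstance(A, str):
        return set()
    return {A[0]}.union(*(connectives(x) for x in A[1:]))


def synthesize(f, names):
    """Theorem 3.3.1 made constructive: f is an n-ary truth function given as a dict
    from n-tuples of bools to bool, over the symbols names[0..n-1]; returns a proposition
    over ∧, ∨, ¬ with H_A = f, built as (P_{n+1} ∧ B) ∨ (¬P_{n+1} ∧ C)."""
    n = len(names)
    if n == 1:                  # base case: the four unary truth functions
        P = names[0]
        return {(True, True): ("∨", P, ("¬", P)),
                (False, False): ("∧", P, ("¬", P)),
                (False, True): P,
                (True, False): ("¬", P)}[(f[(False,)], f[(True,)])]
    P = names[-1]               # P_{n+1}: occurs in neither B nor C by construction
    f1 = {a: f[a + (True,)] for a in product([False, True], repeat=n - 1)}
    f2 = {a: f[a + (False,)] for a in product([False, True], repeat=n - 1)}
    B = synthesize(f1, names[:-1])
    C = synthesize(f2, names[:-1])
    return ("∨", ("∧", P, B), ("∧", ("¬", P), C))


def realizes(A, f, names):
    """Check that f = H_A with arguments taken in the order of names."""
    return all(evaluate(A, dict(zip(names, a))) == val for a, val in f.items())


if __name__ == "__main__":
    A = ("≡", ("⊃", "P", "Q"), ("⊃", ("¬", "Q"), ("¬", "P")))   # Example 3.3.3
    for vals, result in truth_table(A).items():
        print(dict(zip(symbols(A), vals)), "->", result)
    print("tautology:", is_tautology(A))
```

The enumeration in `truth_table` is exactly the $2^n$ cost the text attributes to the truth-table method, and the proposition returned by `synthesize` grows exponentially in $n$ as well, since it unfolds the full case split on every symbol; the point of the example is correctness of the construction, not efficiency.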


Using lemma 3.3.4, it follows that $\{\vee, \neg\}$, $\{\wedge, \neg\}$, $\{\supset, \neg\}$ and $\{\supset, \bot\}$ 
are functionally complete. Indeed, using induction on propositions, $\wedge$ can be 
expressed in terms of $\vee$ and $\neg$ by (5), $\supset$ can be expressed in terms of $\neg$ and $\vee$ 
by (2), $\equiv$ can be expressed in terms of $\supset$ and $\wedge$ by (1), and $\bot$ can be expressed 
in terms of $\wedge$ and $\neg$ by (7). Hence, $\{\vee, \neg\}$ is functionally complete. Since $\vee$ 
can be expressed in terms of $\wedge$ and $\neg$ by (4), the set $\{\wedge, \neg\}$ is functionally 
complete, since $\{\vee, \neg\}$ is. Since $\vee$ can be expressed in terms of $\supset$ and $\neg$ by 
(3), the set $\{\supset, \neg\}$ is functionally complete, since $\{\vee, \neg\}$ is. Finally, since $\neg$ 
can be expressed in terms of $\supset$ and $\bot$ by (6), the set $\{\supset, \bot\}$ is functionally 
complete since $\{\supset, \neg\}$ is. 


In view of the above theorem, we may without loss of generality restrict 
our attention to propositions expressed in terms of the connectives in some 
functionally complete set of our choice. The choice of a suitable functionally 
complete set of connectives is essentially a matter of convenience and taste. 
The advantage of using a small set of connectives is that fewer cases have to 
be considered in proving properties of propositions. The disadvantage is that 
the meaning of a proposition may not be as clear for a proposition written in 
terms of a smaller complete set, as it is for the same proposition expressed 
in terms of the full set of connectives used in definition 3.2.1. Furthermore, 
depending on the set of connectives chosen, the representations can have very 
different lengths. For example, using the set $\{\supset, \bot\}$, the proposition $(A \wedge B)$ 
takes the form 

$((A \supset (B \supset \bot)) \supset \bot).$ 


I doubt that many readers think that the second representation is more per- 
spicuous than the first! 


In this book, we will adopt the following compromise between mathe- 
matical conciseness and intuitive clarity. The set $\{\wedge, \vee, \neg, \supset\}$ will be used. 
Then, $(A \equiv B)$ will be considered as an abbreviation for $((A \supset B) \wedge (B \supset A))$, 
and $\bot$ as an abbreviation for $(P \wedge \neg P)$. 


We close this section with some results showing that the set of propo- 
sitions has a remarkable structure called a boolean algebra. (See Subsection 
2.4.1 in the Appendix for the definition of an algebra.) 


3.3.4 Logical Equivalence and Boolean Algebras 


First, we show that lemma 3.3.3 implies that a certain relation on PROP is 
an equivalence relation. 


Definition 3.3.6 The relation $\simeq$ on PROP is defined so that for any two 
propositions $A$ and $B$, $A \simeq B$ if and only if $(A \equiv B)$ is a tautology. We say 
that $A$ and $B$ are logically equivalent, or for short, equivalent. 


From lemma 3.3.3, $A \simeq B$ if and only if $H_A = H_B$. This implies that 
the relation ~ is reflexive, symmetric, and transitive, and therefore it is an 
equivalence relation. The following additional properties show that it is a 
congruence in the sense of Subsection 2.4.6 (in the Appendix). 


Lemma 3.3.5 For all propositions $A, A', B, B'$, the following properties hold: 
If $A \simeq A'$ and $B \simeq B'$, then for $* \in \{\wedge, \vee, \supset, \equiv\}$, 


$(A * B) \simeq (A' * B')$ and 
$\neg A \simeq \neg A'.$ 
Proof: By definition 3.3.6, 
$(A * B) \simeq (A' * B')$ if and only if $\models (A * B) \equiv (A' * B')$. 
By lemma 3.3.3, it is sufficient to show that for all valuations $v$, 
$\widehat{v}(A * B) = \widehat{v}(A' * B').$ 


Since 
$A \simeq A'$ and $B \simeq B'$ implies that 
$\widehat{v}(A) = \widehat{v}(A')$ and $\widehat{v}(B) = \widehat{v}(B'),$ 
we have 
$\widehat{v}(A * B) = H_*(\widehat{v}(A), \widehat{v}(B)) = H_*(\widehat{v}(A'), \widehat{v}(B')) = \widehat{v}(A' * B').$ 


Similarly, 
$\widehat{v}(\neg A) = H_\neg(\widehat{v}(A)) = H_\neg(\widehat{v}(A')) = \widehat{v}(\neg A').$ 


In the rest of this section, it is assumed that the constant symbol $\top$ 
is added to the alphabet of definition 3.2.1, yielding the set of propositions 
PROP', and that $\top$ is interpreted as T. The proof of the following properties 
is left as an exercise. 


Lemma 3.3.6 The following properties hold for all propositions in PROP'. 
Associativity rules: 
$((A \vee B) \vee C) \simeq (A \vee (B \vee C))$   $((A \wedge B) \wedge C) \simeq (A \wedge (B \wedge C))$ 
Commutativity rules: 
$(A \vee B) \simeq (B \vee A)$   $(A \wedge B) \simeq (B \wedge A)$ 
Distributivity rules: 
$(A \vee (B \wedge C)) \simeq ((A \vee B) \wedge (A \vee C))$ 
$(A \wedge (B \vee C)) \simeq ((A \wedge B) \vee (A \wedge C))$ 
De Morgan's rules: 
$\neg(A \vee B) \simeq (\neg A \wedge \neg B)$   $\neg(A \wedge B) \simeq (\neg A \vee \neg B)$ 
Idempotency rules: 
$(A \vee A) \simeq A$   $(A \wedge A) \simeq A$ 
Double negation rule: 
$\neg\neg A \simeq A$ 
Absorption rules: 
$(A \vee (A \wedge B)) \simeq A$   $(A \wedge (A \vee B)) \simeq A$ 
Laws of zero and one: 
$(A \vee \bot) \simeq A$   $(A \wedge \bot) \simeq \bot$ 
$(A \vee \top) \simeq \top$   $(A \wedge \top) \simeq A$ 
$(A \vee \neg A) \simeq \top$   $(A \wedge \neg A) \simeq \bot$ 


Let us denote the equivalence class of a proposition $A$ modulo $\simeq$ as $[A]$, 
and the set of all such equivalence classes as $B_{PROP}$. We define the operations 
$+$, $*$ and $\overline{\phantom{x}}$ on $B_{PROP}$ as follows: 


$[A] + [B] = [A \vee B],$ 
$[A] * [B] = [A \wedge B],$ 
$\overline{[A]} = [\neg A].$ 
Also, let $0 = [\bot]$ and $1 = [\top]$. 


By lemma 3.3.5, the above functions (and constants) are independent of 
the choice of representatives in the equivalence classes. But then, the proper- 
ties of lemma 3.3.6 are identities valid on the set $B_{PROP}$ of equivalence classes 
modulo $\simeq$. The structure $B_{PROP}$ is an algebra in the sense of Subsection 2.4.1 
(in the Appendix). Because it satisfies the identities of lemma 3.3.6, it is a 
very rich structure called a boolean algebra. $B_{PROP}$ is called the Lindenbaum 
algebra of PROP. In this book, we will only make simple uses of the fact 
that $B_{PROP}$ is a boolean algebra (the properties in lemma 3.3.6, associativity, 
commutativity, distributivity, and idempotence in particular) but the reader 
should be aware that there are important and interesting consequences of this 
fact. However, these considerations are beyond the scope of this text. We 
refer the reader to Halmos, 1974, or Birkhoff, 1973 for a comprehensive study 
of these algebras. 


3.3.5 NP-Complete Problems 


It has been remarked earlier that both the satisfiability problem (SAT) and 
the tautology problem (TAUT) are computationally hard problems, in the 
sense that known algorithms to solve them require an exponential number of 
steps in the length of the input. Even though modern computers are capable 
of performing very complex computations much faster than humans can, there 
are problems whose computational complexity is such that it would take too 
much time or memory space to solve them with a computer. Such problems are 
called intractable. It should be noted that this does not mean that we do not 
have algorithms to solve such problems. This means that all known algorithms 
solving these problems in theory either require too much time or too much 
memory space to solve them in practice, except perhaps in rather trivial cases. 
An algorithm is considered intractable if either it requires an exponential 
number of steps, or an exponential amount of space, in the length of the 
input. This is because exponential functions grow very fast. For example, 
$2^{10} = 1024$, but $2^{1000}$ is equal to $10^{1000 \log_{10} 2}$, which has over 300 digits! 
A problem that can be solved in polynomial time and polynomial space is 
considered to be tractable. 


It is not known whether SAT or TAUT are tractable, and in fact, it is 
conjectured that they are not. But SAT and TAUT play a special role for 
another reason. There is a class of problems (NP) which contains 
problems for which no polynomial-time algorithms are known, but for which 
polynomial-time solutions exist, if we are allowed to make guesses, and if we 
are not charged for checking wrong guesses, but only for successful guesses 
leading to an answer. SAT is such a problem. Indeed, given a proposition A, if 
one is allowed to guess valuations, it is not difficult to design a polynomial-time 
algorithm to check that a valuation v satisfies A. The satisfiability problem 
can be solved nondeterministically by guessing valuations and checking that 
they satisfy the given proposition. Since we are not “charged” for checking 
wrong guesses, such a procedure works in polynomial-time. 


A more accurate way of describing such algorithms is to say that free 
backtracking is allowed. If the algorithm reaches a point where several choices 
are possible, any choice can be taken, but if the path chosen leads to a dead 
end, the algorithm can jump back (backtrack) to the latest choice point, 
with no cost of computation time (and space) consumed on a wrong path 
involved. Technically speaking, such algorithms are called nondeterministic. 
A nondeterministic algorithm can be simulated by a deterministic algorithm, 
but the deterministic algorithm needs to keep track of the nondeterministic 
choices explicitly (using a stack), and to use a backtracking technique to 
handle unsuccessful computations. Unfortunately, all known backtracking 
techniques yield exponential-time algorithms. 


In order to discuss complexity issues rigorously, it is necessary to define 
a model of computation. Such a model is the Turing machine (invented by 
the mathematician Turing, circa 1935). We will not present here the theory 
of Turing Machines and complexity classes, but refer the interested reader to 
Lewis and Papadimitriou, 1981, or Davis and Weyuker, 1983. We will instead 
conclude with an informal discussion of the classes P and NP. 


In dealing with algorithms for solving classes of problems, it is convenient 
to assume that problems are encoded as sets of strings over a finite 
alphabet $\Sigma$. Then, an algorithm for solving a problem $A$ is an algorithm for 
deciding whether for any string $u \in \Sigma^*$, $u$ is a member of $A$. For example, 
the satisfiability problem is encoded as the set of strings representing satisfi- 
able propositions, and the tautology problem as the set of strings representing 
tautologies. 


A Turing machine is an abstract computing device used to accept sets 
of strings. Roughly speaking, a Turing machine M consists of a finite set of 
states and of a finite set of instructions. The set of states is partitioned into 
two subsets of accepting and rejecting states. 


To explain how a Turing machine operates, we define the notion of an 
instantaneous description (ID) and of a computation. An instantaneous de- 
scription is a sort of snapshot of the configuration of the machine during a 
computation that, among other things, contains a state component. A Turing 
machine operates in discrete steps. Every time an instruction is executed, the 
ID describing the current configuration is updated. The intuitive idea is that 
executing an instruction $I$ when the machine is in a configuration described by 
an instantaneous description $C_1$ yields a new configuration described by $C_2$. 
A computation is a finite or infinite sequence of instantaneous descriptions 
$C_0, \ldots, C_n$ (or $C_0, \ldots, C_n, C_{n+1}, \ldots$, if it is infinite), where $C_0$ is an initial in- 
stantaneous description containing the input, and each $C_{i+1}$ is obtained from 
$C_i$ by application of some instruction of $M$. A finite computation is called 
a halting computation, and the last instantaneous description $C_n$ is called a 
final instantaneous description. 


A Turing machine is deterministic, if for every instantaneous description 
$C_1$, at most one instantaneous description $C_2$ follows from $C_1$ by execution of 
some instruction of $M$. It is nondeterministic if for any ID $C_1$, there may be 
several successors $C_2$ obtained by executing (different) instructions of $M$. 


Given a halting computation $C_0, \ldots, C_n$, if the final ID $C_n$ contains an 
accepting state, we say that the computation is an accepting computation, 
otherwise it is a rejecting computation. 


A set $A$ (over $\Sigma$) is accepted deterministically in polynomial time if there 
is a deterministic Turing machine $M$ and a polynomial $p$ such that, for every 
input $u$, 


(i) $u \in A$ iff the computation $C_0, \ldots, C_n$ on input $u$ is an accepting 
computation such that $n < p(|u|)$ and, 


(ii) $u \notin A$ iff the computation $C_0, \ldots, C_n$ on input $u$ is a rejecting com- 
putation such that $n < p(|u|)$. 


A set $A$ (over $\Sigma$) is accepted nondeterministically in polynomial time if 
there is a nondeterministic Turing machine $M$ and a polynomial $p$, such that, 
for every input $u$, there is some accepting computation $C_0, \ldots, C_n$ such that 
$n < p(|u|)$. 


It should be noted that in the nondeterministic case, a string $u$ is rejected 
by a Turing machine $M$ (that is, $u \notin A$) iff every computation of $M$ is either a 
rejecting computation $C_0, \ldots, C_n$ such that $n < p(|u|)$, or a computation that 
takes more than $p(|u|)$ steps on input $u$. 


The class of sets accepted deterministically in polynomial time is denoted 
by P, and the class of sets accepted nondeterministically in polynomial time 
is denoted by NP. It is obvious from the definitions that P is a subset of 
NP. However, whether P = NP is unknown, and in fact, is a famous open 
problem. 


The importance of the class P resides in the widely accepted (although 
somewhat controversial) opinion that P consists of the problems that can 
be realistically solved by computers. The importance of NP lies in the fact 
that many problems for which efficient algorithms would be highly desirable, 
but are yet unknown, belong to NP. The traveling salesman problem and 
the integer programming problem are two such problems among many others. 
For an extensive list of problems in NP, the reader should consult Garey and 
Johnson, 1979. 


The importance of the satisfiability problem SAT is that it is NP- 
complete. This implies the remarkable fact that if SAT is in P, then P = NP. 
In other words, the existence of a polynomial-time algorithm for SAT implies 
that all problems in NP have polynomial-time algorithms, which includes 
many interesting problems apparently intractable at the moment. 


In order to explain the notion of NP-completeness, we need the concept 
of polynomial-time reducibility. Deterministic Turing machines can also be 
used to compute functions. Given a function $f : \Sigma^* \to \Sigma^*$, a deterministic 
Turing machine $M$ computes $f$ if for every input $u$, there is a halting com- 
putation $C_0, \ldots, C_n$ such that $C_0$ contains $u$ as input and $C_n$ contains $f(u)$ as 
output. The machine $M$ computes $f$ in polynomial time iff there is a polyno- 
mial $p$ such that, for every input $u$, $n < p(|u|)$, where $n$ is the number of steps 
in the computation on input $u$. Then, we say that a set $A$ is polynomially re- 
ducible to a set $B$ if there is a function $f : \Sigma^* \to \Sigma^*$ computable in polynomial 
time such that, for every input $u$, 


$u \in A$ if and only if $f(u) \in B$. 


A set B is NP-hard if every set A in NP is reducible to B. A set B is 
NP-complete if it is in NP, and it is NP-hard. 


The significance of NP-complete problems lies in the fact that if one 
finds a polynomial time algorithm for any NP-complete problem B, then 
P $=$ NP. Indeed, given any problem $A \in$ NP, assuming that the determin- 
istic Turing machine $M$ solves $B$ in polynomial time, we could construct a 
deterministic Turing machine $M'$ solving $A$ as follows. Let $M_f$ be the deter- 
ministic Turing machine computing the reduction function $f$. Then, to decide 
whether any arbitrary input $u$ is in $A$, run $M_f$ on input $u$, producing $f(u)$, 
and then run $M$ on input $f(u)$. Since $u \in A$ if and only if $f(u) \in B$, the above 
procedure solves $A$. Furthermore, it is easily shown that a deterministic Tur- 
ing machine $M'$ simulating the composition of $M_f$ and $M$ can be constructed, 
and that it runs in polynomial time (because the functional composition of 
polynomials is a polynomial). 


The importance of SAT lies in the fact that it was shown by S. A. Cook 
(Cook, 1971) that SAT is an NP-complete problem. In contrast, whether 
TAUT is in NP is an open problem. But TAUT is interesting for two other 
reasons. First, it can be shown that if TAUT is in P, then P = NP. This 
is unlikely since we do not even know whether TAUT is in NP. The second 
reason is related to the closure of NP under complementation. NP is said to 
be closed under complementation iff for every set A in NP, its complement 
$\Sigma^* - A$ is also in NP. 


The class P is closed under complementation, but this is an open prob- 
lem for the class NP. Given a deterministic Turing machine M, in order to 
accept the complement of the set $A$ accepted by $M$, one simply has to create 
the machine $\overline{M}$ obtained by swapping the accepting and the rejecting states of 
$M$. Since for every input $u$, the computation $C_0, \ldots, C_n$ of $M$ on input $u$ halts 
in $n < p(|u|)$ steps, the modified machine $\overline{M}$ accepts $\Sigma^* - A$ in polynomial 
time. However, if $M$ is nondeterministic, $M$ may reject some input $u$ because 
all computations on input $u$ exceed the polynomial time bound $p(|u|)$. Thus, 
for this input $u$, there is no computation of the modified machine $\overline{M}$ which 
accepts $u$ within $p(|u|)$ steps. The trouble is not that $\overline{M}$ cannot tell that $u$ is 
rejected by $M$, but that $\overline{M}$ cannot report this fact in fewer than $p(|u|)$ steps. 
This shows that in the nondeterministic case, a different construction is re- 
quired. Until now, no such construction has been discovered, and it is rather 
unlikely that it will. Indeed, it can be shown that TAUT is in NP if and only 
if NP is closed under complementation. Furthermore, since P is closed under 
complementation, if NP is not closed under complementation, then NP $\neq$ P. 


Hence, one approach for showing that NP $\neq$ P would be to show that 
TAUT is not in NP. This explains why a lot of effort has been spent on the 
complexity of the tautology problem. 


To summarize, the satisfiability problem SAT and the tautology problem 
TAUT are important because of the following facts: 


SAT $\in$ P if and only if P = NP; 
TAUT $\in$ NP if and only if NP is closed under complementation; 
If TAUT $\in$ P, then P = NP; 
If TAUT $\notin$ NP, then NP $\neq$ P. 


Since the two questions P = NP and the closure of NP under comple- 
mentation appear to be very hard to solve, and it is usually believed that their 
answer is negative, this gives some insight into the difficulty of finding efficient 
algorithms for SAT and TAUT. Also, the tautology problem appears to be 
harder than the satisfiability problem. For more details on these questions, 
we refer the reader to the article by S. A. Cook and R. A. Reckhow (Cook 
and Reckhow, 1971). 


PROBLEMS 


3.3.1. In this problem, it is assumed that the language of propositional logic 
is extended by adding the constant symbol $\top$, which is interpreted as 
T. Prove that the following propositions are tautologies by construct- 
ing truth tables. 


Associativity rules: 
$((A \lor B) \lor C) \equiv (A \lor (B \lor C)) \qquad ((A \land B) \land C) \equiv (A \land (B \land C))$ 
Commutativity rules: 
$(A \lor B) \equiv (B \lor A) \qquad (A \land B) \equiv (B \land A)$ 
Distributivity rules: 
$(A \lor (B \land C)) \equiv ((A \lor B) \land (A \lor C))$ 
$(A \land (B \lor C)) \equiv ((A \land B) \lor (A \land C))$ 
De Morgan's rules: 
$\lnot(A \lor B) \equiv (\lnot A \land \lnot B) \qquad \lnot(A \land B) \equiv (\lnot A \lor \lnot B)$ 
Idempotency rules: 
$(A \lor A) \equiv A \qquad (A \land A) \equiv A$ 
Double negation rule: 
$\lnot\lnot A \equiv A$ 
Absorption rules: 
$(A \lor (A \land B)) \equiv A \qquad (A \land (A \lor B)) \equiv A$ 
Laws of zero and one: 
$(A \lor \bot) \equiv A \qquad (A \land \bot) \equiv \bot$ 
$(A \lor \top) \equiv \top \qquad (A \land \top) \equiv A$ 
$(A \lor \lnot A) \equiv \top \qquad (A \land \lnot A) \equiv \bot$ 


3.3.2. Show that the following propositions are tautologies. 


$A \supset (B \supset A)$ 
$(A \supset B) \supset ((A \supset (B \supset C)) \supset (A \supset C))$ 
$A \supset (B \supset (A \land B))$ 
$A \supset (A \lor B) \qquad B \supset (A \lor B)$ 
$(A \supset B) \supset ((A \supset \lnot B) \supset \lnot A)$ 
$(A \land B) \supset A \qquad (A \land B) \supset B$ 
$(A \supset C) \supset ((B \supset C) \supset ((A \lor B) \supset C))$ 
$\lnot\lnot A \supset A$ 


3.3.3. Show that the following propositions are tautologies. 


$(A \supset B) \supset ((B \supset A) \supset (A \equiv B))$ 
$(A \equiv B) \supset (A \supset B)$ 
$(A \equiv B) \supset (B \supset A)$ 


3.3.4. Show that the following propositions are not tautologies. Are they 
satisfiable? If so, give a satisfying valuation. 


$(A \supset C) \supset ((B \supset D) \supset ((A \lor B) \supset C))$ 
$(A \supset B) \supset ((B \supset \lnot C) \supset \lnot A)$ 
3/Propositional Logic 


3.3.5. Prove that the propositions of lemma 3.3.4 are tautologies. 


* 3.3.6. Given a function f of m arguments and m functions $g_1, \ldots, g_m$ each 
of n arguments, the composition of f and $g_1, \ldots, g_m$ is the function h 
of n arguments such that for all $x_1, \ldots, x_n$, 


$h(x_1, \ldots, x_n) = f(g_1(x_1, \ldots, x_n), \ldots, g_m(x_1, \ldots, x_n))$. 


For every integer $n \ge 1$, we let $P^n_i$ ($1 \le i \le n$) denote the projection 
function such that, for all $x_1, \ldots, x_n$, 


$P^n_i(x_1, \ldots, x_n) = x_i$. 


Then, given any k truth functions $H_1, \ldots, H_k$, let $TF_n$ be the inductive 
closure of the set of functions $\{H_1, \ldots, H_k, P^n_1, \ldots, P^n_n\}$ under compo- 
sition. We say that a truth function H of n arguments is definable 
from $H_1, \ldots, H_k$ if H belongs to $TF_n$. 


Let $H_{\lor,n}$ be the n-ary truth function such that 
$H_{\lor,n}(x_1, \ldots, x_n) = F$ if and only if $x_1 = \ldots = x_n = F$, 
and $H_{\land,n}$ the n-ary truth function such that 


$H_{\land,n}(x_1, \ldots, x_n) = T$ if and only if $x_1 = \ldots = x_n = T$. 


(i) Prove that every n-ary truth function is definable in terms of $H_\lnot$ 
and some of the functions $H_{\lor,n}$, $H_{\land,n}$. 


(ii) Prove that $H_\lnot$ is not definable in terms of $H_\lor$, $H_\land$, $H_\supset$, and $H_\equiv$. 


* 3.3.7. Let $H_{nor}$ be the binary truth function such that 


$H_{nor}(x, y) = T$ if and only if $x = y = F$. 


Show that $H_{nor} = H_A$, where A is the proposition $(\lnot P \land \lnot Q)$. Show 
that $\{H_{nor}\}$ is functionally complete. 


* 3.3.8. Let $H_{nand}$ be the binary truth function such that $H_{nand}(x, y) = F$ 
if and only if $x = y = T$. Show that $H_{nand} = H_B$, where B is the 
proposition $(\lnot P \lor \lnot Q)$. Show that $\{H_{nand}\}$ is functionally complete. 


* 3.3.9. An n-ary truth function H is singulary if there is a unary truth 
function $H'$ and some i, $1 \le i \le n$, such that for all $x_1, \ldots, x_n$, 
$H(x_1, \ldots, x_n) = H'(x_i)$. 


(i) Prove that if H is singulary, then every n-ary function definable 
in terms of H is also singulary. (See problem 3.3.6.) 
(ii) Prove that if H is a binary truth function and $\{H\}$ is functionally 
complete, then either $H = H_{nor}$ or $H = H_{nand}$. 


Hint: Show that $H(T, T) = F$ and $H(F, F) = T$, that only four 
binary truth functions have that property, and use (i). 


3.3.10. A substitution is a function $s : \mathbf{PS} \to \mathbf{PROP}$. Since $\mathbf{PROP}$ is freely 
generated by $\mathbf{PS}$ and $\bot$, every substitution s extends to a unique 
function $\hat{s} : \mathbf{PROP} \to \mathbf{PROP}$ defined by recursion. Let A be any 
proposition containing the propositional symbols $\{P_1, \ldots, P_n\}$, and $s_1$ 
and $s_2$ be any two substitutions such that for every $P_i \in \{P_1, \ldots, P_n\}$, 
the propositions $s_1(P_i)$ and $s_2(P_i)$ are equivalent (that is $s_1(P_i) \equiv 
s_2(P_i)$ is a tautology). 


Prove that the propositions $\hat{s}_1(A)$ and $\hat{s}_2(A)$ are equivalent. 


3.3.11. Show that for every set $\Gamma$ of propositions, 
(i) $\Gamma, A \models B$ if and only if $\Gamma \models (A \supset B)$; 
(ii) If $\Gamma, A \models B$ and $\Gamma, A \models \lnot B$, then $\Gamma \models \lnot A$; 
(iii) If $\Gamma, A \models C$ and $\Gamma, B \models C$, then $\Gamma, (A \lor B) \models C$. 


3.3.12. Assume that we consider propositions expressed only in terms of the 
set of connectives $\{\lor, \land, \lnot\}$. The dual of a proposition A, denoted by 
$A^*$, is defined recursively as follows: 


$P^* = P$, for every propositional symbol P; 
$(A \lor B)^* = (A^* \land B^*)$; 
$(A \land B)^* = (A^* \lor B^*)$; 
$(\lnot A)^* = \lnot A^*$. 


(a) Prove that, for any two propositions A and B, 


$\models A \equiv B$ if and only if $\models A^* \equiv B^*$. 


(b) If we change the definition of $A^*$ so that for every propositional 
letter P, $P^* = \lnot P$, prove that $A^*$ and $\lnot A$ are logically equivalent 
(that is, $(A^* \equiv \lnot A)$ is a tautology). 


3.3.13. A literal is either a propositional symbol P, or the negation $\lnot P$ of a 
propositional symbol. A proposition A is in disjunctive normal form 
(DNF) if it is of the form $C_1 \lor \ldots \lor C_n$, where each $C_i$ is a conjunction 
of literals. 
(i) Show that the satisfiability problem for propositions in DNF can 
be decided in linear time. What does this say about the complexity 
of any algorithm for converting a proposition to disjunctive normal 
form? 


(ii) Using the proof of theorem 3.3.1 and some of the identities of 
lemma 3.3.6, prove that every proposition A containing n proposi- 
tional symbols is equivalent to a proposition $A'$ in disjunctive normal 
form, such that each disjunct $C_i$ contains exactly n literals. 


* 3.3.14. Let $H_\oplus$ be the truth function defined by the proposition 


$(P \land \lnot Q) \lor (\lnot P \land Q)$. 


(i) Prove that $\oplus$ (exclusive OR) is commutative and associative. 


(ii) In this question, assume that the constant for false is denoted 
by 0 and that the constant for true is denoted by 1. Prove that the 
following are tautologies. 


$A \lor B \equiv A \land B \oplus A \oplus B$ 
$\lnot A \equiv A \oplus 1$ 
$A \oplus 0 \equiv A$ 
$A \oplus A \equiv 0$ 
$A \land 1 \equiv A$ 
$A \land A \equiv A$ 
$A \land (B \oplus C) \equiv A \land B \oplus A \land C$ 
$A \land 0 \equiv 0$ 


(iii) Prove that $\{\oplus, \land, 1\}$ is functionally complete. 


* 3.3.15. Using problems 3.3.13 and 3.3.14, prove that every proposition A is 
equivalent to a proposition $A'$ which is either of the form 0, 1, or 
$C_1 \oplus \ldots \oplus C_n$, where each $C_i$ is either 1 or a conjunction of positive 
literals. Furthermore, show that $A'$ can be chosen so that the $C_i$ are 
distinct, and that the positive literals in each $C_i$ are all distinct (such 
a proposition $A'$ is called a reduced exclusive-OR normal form). 


* 3.3.16. (i) Prove that if $A'$ and $A''$ are reduced exclusive-OR normal forms of 
a same proposition A, then they are equal up to commutativity, that 
is: 


Either $A' = A'' = 0$, or $A' = A'' = 1$, or 
$A' = C'_1 \oplus \ldots \oplus C'_n$ and $A'' = C''_1 \oplus \ldots \oplus C''_n$, 


where each $C'_i$ is a permutation of some $C''_j$ (and conversely). 


Hint: There are $2^{2^n}$ truth functions of n arguments. 
(ii) Prove that a proposition is a tautology if and only if its re- 
duced exclusive-OR normal form is 1. What does this say about the 
complexity of any algorithm for converting a proposition to reduced 
exclusive-OR normal form? 


* 3.3.17. A set $\Gamma$ of propositions is independent if, for every $A \in \Gamma$, 
$\Gamma - \{A\} \not\models A$. 


(a) Prove that every finite set $\Gamma$ has a finite independent subset $\Delta$ 
such that, for every $A \in \Gamma$, $\Delta \models A$. 


(b) Let $\Gamma$ be ordered as the sequence $<A_1, A_2, \ldots>$. Find a sequence 
$\Gamma' = <B_1, B_2, \ldots>$ equivalent to $\Gamma$ (that is, for every $i \ge 1$, $\Gamma \models B_i$ 
and $\Gamma' \models A_i$), such that, for every $i \ge 1$, $\models (B_{i+1} \supset B_i)$, but 
$\not\models (B_i \supset B_{i+1})$. Note that $\Gamma'$ may be finite. 


(c) Consider a countable sequence $\Gamma'$ as in (b). Define $C_1 = B_1$, and 
for every $n \ge 1$, $C_{n+1} = (B_n \supset B_{n+1})$. Prove that $\Delta = <C_1, C_2, \ldots>$ 
is equivalent to $\Gamma'$ and independent. 


(d) Prove that every countable set $\Gamma$ is equivalent to an independent 
set. 


(e) Show that $\Delta$ need not be a subset of $\Gamma$. 
Hint: Consider 


$\{P_0,\ P_0 \land P_1,\ P_0 \land P_1 \land P_2, \ldots\}$. 


* 3.3.18. See problem 3.3.13 for the definition of a literal. A proposition A is 
a basic Horn formula iff it is a disjunction of literals, with at most 
one positive literal (literal of the form P). A proposition is a Horn 
formula iff it is a conjunction of basic Horn formulae. 


(a) Show that every Horn formula A is equivalent to a conjunction of 
distinct formulae of the form, 


$P_i$, or 
$\lnot P_1 \lor \ldots \lor \lnot P_n$ ($n \ge 1$), or 
$\lnot P_1 \lor \ldots \lor \lnot P_n \lor P_{n+1}$ ($n \ge 1$), 


where all the $P_i$ are distinct. We say that A is reduced. 


(b) Let A be a reduced Horn formula $A = C_1 \land C_2 \land \ldots \land C_n$, where 
the $C_i$ are distinct and each $C_i$ is reduced as in (a). Since $\lor$ is 
commutative and associative (see problem 3.3.1), we can view each 
conjunct $C_i$ as a set. 
(i) Show that if no conjunct $C_i$ is a positive literal, or every conjunct 
containing a negative literal also contains a positive literal, then A is 
satisfiable. 


(ii) Assume that A contains some conjunct $C_i$ having a single posi- 
tive literal P, and some conjunct $C_j$ distinct from $C_i$, such that $C_j$ 
contains $\lnot P$. Let $D_{i,j}$ be obtained by deleting $\lnot P$ from $C_j$. Let $A'$ 
be the conjunction obtained from A by replacing $C_j$ by the conjunct 
$D_{i,j}$, provided that $D_{i,j}$ is not empty. 


Show that A is satisfiable if and only if $A'$ is satisfiable and $D_{i,j}$ is 
not empty. 


(iii) Using the above, prove that the satisfiability of a Horn formula 
A can be decided in time polynomial in the length of A. 


Note: Linear-time algorithms are given in Dowling and Gallier, 1984. 
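The two satisfiability tests asked for in problems 3.3.13 (i) and 3.3.18 (b), written out as an added example (this is not code from the book; the literal encoding, the function names and the sample formulas are choices made here). The Horn test follows the steps of 3.3.18 (b): it repeatedly takes a conjunct that is a single positive literal P and deletes $\lnot P$ from the other conjuncts (the $D_{i,j}$ step of (ii)), reports unsatisfiability when a conjunct becomes empty, and when no such conjunct is left it applies case (i) by setting every remaining symbol to false.

```python
# Added example, not code from the book: satisfiability of a reduced Horn
# formula by the steps of problem 3.3.18 (b), and the linear-time DNF test of
# problem 3.3.13 (i).  A literal is a pair (symbol, polarity) with polarity
# True for P and False for ¬P; a clause (conjunct) is an iterable of literals.

def horn_satisfiable(clauses):
    """Return (True, valuation) or (False, None) for a conjunction of Horn
    clauses.  Each iteration takes every conjunct that is a single positive
    literal P (3.3.18 (b)(ii)) and deletes ¬P from the other conjuncts; an
    emptied conjunct means unsatisfiable.  When no positive unit conjunct is
    left, 3.3.18 (b)(i) applies: every remaining conjunct keeps a negative
    literal of an unforced symbol, so making those symbols false satisfies it."""
    clauses = [frozenset(c) for c in clauses]
    symbols = {sym for c in clauses for sym, _ in c}
    forced_true = set()
    while True:
        # conjuncts already satisfied by a symbol forced true are dropped
        clauses = [c for c in clauses
                   if not any(pol and sym in forced_true for sym, pol in c)]
        # the D_{i,j} step: delete ¬P for every P forced true
        clauses = [frozenset(l for l in c if l[1] or l[0] not in forced_true)
                   for c in clauses]
        if any(len(c) == 0 for c in clauses):
            return False, None
        new = {sym for c in clauses if len(c) == 1 for sym, pol in c if pol}
        if not new:
            break
        forced_true |= new
    return True, {s: s in forced_true for s in sorted(symbols)}

def satisfies(valuation, clauses):
    """Check a valuation against a conjunction of disjunctive clauses."""
    return all(any(valuation[sym] == pol for sym, pol in c) for c in clauses)

def dnf_satisfiable(disjuncts):
    """3.3.13 (i): a DNF is satisfiable iff some conjunct contains no
    complementary pair of literals; one pass over the literals decides it."""
    for conj in disjuncts:
        lits = set(conj)
        if not any((sym, not pol) in lits for sym, pol in lits):
            return True
    return False

# constructed sample inputs (not from the book)
# P ∧ (¬P ∨ Q) ∧ (¬Q ∨ ¬P ∨ R) ∧ (¬R ∨ S): satisfiable, all symbols forced true
HORN_SAT = [[("P", True)], [("P", False), ("Q", True)],
            [("Q", False), ("P", False), ("R", True)], [("R", False), ("S", True)]]
# P ∧ (¬P ∨ Q) ∧ ¬Q: the unit steps empty the last conjunct
HORN_UNSAT = [[("P", True)], [("P", False), ("Q", True)], [("Q", False)]]
```

Running `horn_satisfiable(HORN_SAT)` returns the valuation with P, Q, R and S true, and `horn_satisfiable(HORN_UNSAT)` returns `(False, None)`; each round of the loop only adds symbols to `forced_true`, so it runs at most once per symbol, which is the polynomial bound of 3.3.18 (b)(iii).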
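The reduced exclusive-OR normal form of problems 3.3.14 to 3.3.16 can be computed directly from the truth table, which also makes the tautology criterion of 3.3.16 (ii) executable. The example below is added here and is not code from the book; it represents a proposition as nested tuples and a normal form as a set of monomials (each monomial the set of symbols of one conjunction of positive literals), and the coefficient formula it uses is the mod-2 Möbius inversion over subsets, which is the uniqueness argument of 3.3.16 (i) made constructive.

```python
# Added example, not code from the book: the reduced exclusive-OR normal form
# of problems 3.3.14-3.3.16, computed from the truth table of a proposition.
# Propositions are nested tuples ("var", "P"), ("not", A), ("and", A, B),
# ("or", A, B), ("imp", A, B), ("equiv", A, B).  A normal form is a set of
# monomials; a monomial is the frozenset of symbols of one conjunction of
# positive literals, the empty frozenset standing for the constant 1, and the
# empty set of monomials standing for the constant 0.
import itertools

def evaluate(prop, v):
    op = prop[0]
    if op == "var":
        return v[prop[1]]
    if op == "not":
        return not evaluate(prop[1], v)
    a, b = evaluate(prop[1], v), evaluate(prop[2], v)
    return {"and": a and b, "or": a or b, "imp": (not a) or b, "equiv": a == b}[op]

def symbols_of(prop):
    if prop[0] == "var":
        return {prop[1]}
    return set().union(*(symbols_of(sub) for sub in prop[1:]))

def truth_table(prop):
    """Map each set of symbols made true (as a frozenset) to the truth value."""
    syms = sorted(symbols_of(prop))
    table = {}
    for bits in itertools.product([False, True], repeat=len(syms)):
        v = dict(zip(syms, bits))
        table[frozenset(s for s in syms if v[s])] = evaluate(prop, v)
    return table

def xor_normal_form(prop):
    """Every truth function f over n symbols is the XOR of monomials a_S * AND(S)
    over subsets S of the symbols; Möbius inversion over the subset lattice mod 2
    gives a_S = XOR of f(T) over all T subset of S.  Keeping the monomials with
    a_S = 1 yields the reduced form: distinct conjunctions of distinct symbols."""
    table = truth_table(prop)
    monomials = set()
    for S in table:
        coeff = False
        for r in range(len(S) + 1):
            for T in itertools.combinations(sorted(S), r):
                coeff ^= table[frozenset(T)]
        if coeff:
            monomials.add(S)
    return monomials

def is_tautology(prop):
    # problem 3.3.16 (ii): a tautology iff the reduced form is the constant 1
    return xor_normal_form(prop) == {frozenset()}

def render(monomials):
    """Human-readable form, smaller monomials first."""
    if not monomials:
        return "0"
    ordered = sorted(monomials, key=lambda m: (len(m), sorted(m)))
    return " ⊕ ".join("1" if not m else "∧".join(sorted(m)) for m in ordered)
```

For `("or", ("var", "A"), ("var", "B"))` the function returns the three monomials A, B and A∧B, which is the first identity of 3.3.14 (ii); for `("not", ("var", "A"))` it returns 1 ⊕ A, the second identity; and for a tautology such as $A \supset (B \supset A)$ it returns the single empty monomial, that is, the constant 1. Note that the truth table has $2^n$ rows, so this route to the normal form is exponential, which is the point of the question at the end of 3.3.16 (ii).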


3.4 Proof Theory of Propositional Logic: The Gentzen 
System G’ 


In this section, we present a proof system for propositional logic and prove 
some of its main properties: soundness and completeness. 


3.4.1 Basic Idea: Searching for a Counter Example 


As we have suggested in Section 3.3, another perhaps more effective way of 
testing whether a proposition A is a tautology is to search for a valuation 
that falsifies A. In this section, we elaborate on this idea. As we progress 
according to this plan, we will be dealing with a tree whose nodes are la- 
beled with pairs of finite lists of propositions. In our attempt to falsify A, the 
tree is constructed in such a way that we are trying to find a valuation that 
makes every proposition occurring in the first component of a pair labeling 
a node true, and all propositions occurring in the second component of that 
pair false. Hence, we are naturally led to deal with pairs of finite sequences 
of propositions called sequents. The idea of using sequents originates with 
Gentzen, although Gentzen’s motivations were quite different. A proof sys- 
tem using sequents is very natural because the rules reflect very clearly the 
semantics of the connectives. The idea of searching for a valuation falsifying 
the given proposition is simple, and the tree-building algorithm implementing 
this search is also simple. Let us first illustrate the falsification procedure by 
means of an example. 


EXAMPLE 3.4.1 


Let 
$A = (P \supset Q) \supset (\lnot Q \supset \lnot P)$. 
Initially, we start with a one-node tree labeled with the pair 
$(<\,>, <(P \supset Q) \supset (\lnot Q \supset \lnot P)>)$ 


whose first component is the empty sequence and whose second compo- 
nent is the sequence containing the proposition A that we are attempt- 
ing to falsify. In order to make A false, we must make $P \supset Q$ true and 
$\lnot Q \supset \lnot P$ false. Hence, we build the following tree: 


$(<P \supset Q>, <\lnot Q \supset \lnot P>)$ 
$(<\,>, <(P \supset Q) \supset (\lnot Q \supset \lnot P)>)$ 


Now, in order to make $P \supset Q$ true, we must either make P false or Q 
true. The tree must therefore split as shown: 


$(<\,>, <P, \lnot Q \supset \lnot P>) \qquad (<Q>, <\lnot Q \supset \lnot P>)$ 


$(<P \supset Q>, <\lnot Q \supset \lnot P>)$ 


$(<\,>, <(P \supset Q) \supset (\lnot Q \supset \lnot P)>)$ 
We continue the same procedure with each leaf. Let us consider the 
leftmost leaf first. In order to make $\lnot Q \supset \lnot P$ false, we must make $\lnot Q$ 
true and $\lnot P$ false. We obtain the tree: 


$(<\lnot Q>, <P, \lnot P>)$ 


$(<\,>, <P, \lnot Q \supset \lnot P>) \qquad (<Q>, <\lnot Q \supset \lnot P>)$ 


$(<P \supset Q>, <\lnot Q \supset \lnot P>)$ 


$(<\,>, <(P \supset Q) \supset (\lnot Q \supset \lnot P)>)$ 


But now, in order to falsify the leftmost leaf, we must make both P and 
$\lnot P$ false and $\lnot Q$ true. This is impossible. We say that this leaf of the 
tree is closed. We still have to continue the procedure with the rightmost 
leaf, since there may be a way of obtaining a falsifying valuation this 
way. To make $\lnot Q \supset \lnot P$ false, we must make $\lnot Q$ true and $\lnot P$ false, 
obtaining the tree: 


$(<\lnot Q>, <P, \lnot P>) \qquad (<Q, \lnot Q>, <\lnot P>)$ 


$(<\,>, <P, \lnot Q \supset \lnot P>) \qquad (<Q>, <\lnot Q \supset \lnot P>)$ 


$(<P \supset Q>, <\lnot Q \supset \lnot P>)$ 


$(<\,>, <(P \supset Q) \supset (\lnot Q \supset \lnot P)>)$ 
This time, we must try to make $\lnot P$ false and both Q and $\lnot Q$ true, 
which is impossible. Hence, this branch of the tree is also closed, and 
our attempt to falsify A has failed. However, this failure to falsify A is 
really a success, since, as we shall prove shortly, this demonstrates that 
A is valid! 


Trees as above are called deduction trees. In order to describe precisely 
the algorithm we have used in our attempt to falsify the proposition A, we 
need to state clearly the rules that we have used in constructing the tree. 


3.4.2 Sequents and the Gentzen System G’ 


First, we define the notion of a sequent. 


Definition 3.4.1 A sequent is a pair $(\Gamma, \Delta)$ of finite (possibly empty) se- 
quences $\Gamma = <A_1, \ldots, A_m>$, $\Delta = <B_1, \ldots, B_n>$ of propositions. 


Instead of using the notation $(\Gamma, \Delta)$, a sequent is usually denoted as 
$\Gamma \to \Delta$. For simplicity, a sequence $<A_1, \ldots, A_m>$ is denoted as $A_1, \ldots, A_m$. 
If $\Gamma$ is the empty sequence, the corresponding sequent is denoted as $\to \Delta$; if 
$\Delta$ is empty, the sequent is denoted as $\Gamma \to$; and if both $\Gamma$ and $\Delta$ are empty, 
we have the special sequent $\to$ (the inconsistent sequent). $\Gamma$ is called the 
antecedent and $\Delta$ the succedent. 


The intuitive meaning of a sequent is that a valuation v makes a sequent 
$A_1, \ldots, A_m \to B_1, \ldots, B_n$ true iff 


$v \models (A_1 \land \ldots \land A_m) \supset (B_1 \lor \ldots \lor B_n)$. 


Equivalently, v makes the sequent false if v makes $A_1, \ldots, A_m$ all true and 
$B_1, \ldots, B_n$ all false. 


It should be noted that the semantics of sequents suggests that instead 
of using sequences, we could have used sets. We could indeed define sequents 
as pairs (I, A) of finite sets of propositions, and all the results in this section 
would hold. The results of Section 3.5 would also hold, but in order to present 
the generalization of the tree construction procedure, we would have to order 
the sets present in the sequents anyway. Rather than switching back and forth 
between sets and sequences, we think that it is preferable to stick to a single 
formalism. Using sets instead of sequences can be viewed as an optimization. 


The rules operating on sequents fall naturally into two categories: those 
operating on a proposition occurring in the antecedent, and those on a propo- 
sition occurring in the succedent. Both kinds of rules break the proposition 
on which the rule operates into subpropositions that may also be moved from 
the antecedent to the succedent, or vice versa. Also, the application of a rule 
may cause a sequent to be split into two sequents. This causes branching in 
the trees. Before stating the rules, let us mention that it is traditional in logic 
to represent trees with their root at the bottom instead of the root at the 
top as it is customary in computer science. The main reason is that a tree 
obtained in failing to falsify a given proposition can be viewed as a formal 
proof of the proposition. The proposition at the root of the tree is the logical 
conclusion of a set of inferences, and it is more natural to draw a proof tree in 
such a way that each premise in a rule occurs above its conclusion. However, 
this may be a matter of taste (and perhaps, aesthetics). 


In the rest of this section, it will be assumed that the set of connectives 
used is $\{\land, \lor, \supset, \lnot\}$, and that $(A \equiv B)$ is an abbreviation for $(A \supset B) \land (B \supset 
A)$, and $\bot$ an abbreviation for $(P \land \lnot P)$. 


Definition 3.4.2 The Gentzen system G'. The symbols $\Gamma$, $\Delta$, $\Lambda$ will be used 
to denote arbitrary sequences of propositions and A, B to denote propositions. 
The inference rules of the sequent calculus G' are the following: 


$$\frac{\Gamma, A, B, \Delta \to \Lambda}{\Gamma, A \land B, \Delta \to \Lambda}\ (\land{:}\text{left}) \qquad \frac{\Gamma \to \Delta, A, \Lambda \qquad \Gamma \to \Delta, B, \Lambda}{\Gamma \to \Delta, A \land B, \Lambda}\ (\land{:}\text{right})$$ 

$$\frac{\Gamma, A, \Delta \to \Lambda \qquad \Gamma, B, \Delta \to \Lambda}{\Gamma, A \lor B, \Delta \to \Lambda}\ (\lor{:}\text{left}) \qquad \frac{\Gamma \to \Delta, A, B, \Lambda}{\Gamma \to \Delta, A \lor B, \Lambda}\ (\lor{:}\text{right})$$ 

$$\frac{\Gamma, \Delta \to A, \Lambda \qquad B, \Gamma, \Delta \to \Lambda}{\Gamma, A \supset B, \Delta \to \Lambda}\ (\supset{:}\text{left}) \qquad \frac{A, \Gamma \to \Delta, B, \Lambda}{\Gamma \to \Delta, A \supset B, \Lambda}\ (\supset{:}\text{right})$$ 

$$\frac{\Gamma, \Delta \to A, \Lambda}{\Gamma, \lnot A, \Delta \to \Lambda}\ (\lnot{:}\text{left}) \qquad \frac{A, \Gamma \to \Delta, \Lambda}{\Gamma \to \Delta, \lnot A, \Lambda}\ (\lnot{:}\text{right})$$ 


The name of every rule is stated immediately to its right. Every rule 
consists of one or two upper sequents called premises and of a lower sequent 
called the conclusion. The above rules are called inference rules. For ev- 
ery rule, the proposition to which the rule is applied is called the principal 
formula, the propositions introduced in the premises are called the side for- 
mulae, and the other propositions that are copied unchanged are called the 
extra formulae. 


Note that every inference rule can be represented as a tree with two 
nodes if the rule has a single premise, or three nodes if the rule has two 
premises. In both cases, the root of the tree is labeled with the conclusion of 
the rule and the leaves are labeled with the premises. If the rule has a single 
premise, it is a tree of the form 


(1) $S_1$ 


($\epsilon$) $S_2$ 
where the premise labels the node with tree address 1, and the conclusion 
labels the node with tree address $\epsilon$. If it has two premises, it is a tree of the 
form 


(1) $S_1$ $\qquad$ (2) $S_2$ 


$\qquad$ ($\epsilon$) $S_3$ 


where the first premise labels the node with tree address 1, the second premise 
labels the node with tree address 2, and the conclusion labels the node with 
tree address $\epsilon$. 


EXAMPLE 3.4.2 
Consider the following instance of the $\supset$:left rule: 


$$\frac{A, B \to P, D \qquad Q, A, B \to D}{A, (P \supset Q), B \to D}$$ 


In the above inference, $(P \supset Q)$ is the principal formula, P and Q are 
side formulae, and A, B, D are extra formulae. 


A careful reader might have observed that the rules ($\supset$:left), ($\supset$:right), 
($\lnot$:left), and ($\lnot$:right) have been designed in a special way. Notice that the 
side proposition added to the antecedent of an upper sequent is added at 
the front, and similarly for the side proposition added to the succedent of an 
upper sequent. We have done so to facilitate the generalization of the search 
procedure presented below to infinite sequents. 


We will now prove that the above rules achieve the falsification procedure 
sketched in example 3.4.1. 


3.4.3 Falsifiable and Valid Sequents 


First, we extend the concepts of falsifiability and validity to sequents. 


Definition 3.4.3 A sequent $A_1, \ldots, A_m \to B_1, \ldots, B_n$ is falsifiable iff there 
exists a valuation v such that 


A sequent as above is valid iff for every valuation v, 


$v \models (A_1 \land \ldots \land A_m) \supset (B_1 \lor \ldots \lor B_n)$. 


This is also denoted by 


$\models A_1, \ldots, A_m \to B_1, \ldots, B_n$. 
If m = 0, the sequent $\to B_1, \ldots, B_n$ is falsifiable iff the proposition 
$(\lnot B_1 \land \ldots \land \lnot B_n)$ is satisfiable, valid iff the proposition $(B_1 \lor \ldots \lor B_n)$ is 
valid. If n = 0, the sequent $A_1, \ldots, A_m \to$ is falsifiable iff the proposition 
$(A_1 \land \ldots \land A_m)$ is satisfiable, valid iff the proposition $(A_1 \land \ldots \land A_m)$ is not 
satisfiable. Note that a sequent $\Gamma \to \Delta$ is valid if and only if it is not falsifiable. 


Lemma 3.4.1 For each of the rules given in definition 3.4.2, a valuation v 
falsifies the sequent occurring as the conclusion of the rule if and only if v 
falsifies at least one of the sequents occurring as premises. Equivalently, v 
makes the conclusion of a rule true if and only if v makes all premises of that 
rule true. 


Proof: The proof consists in checking the truth tables of the logical 
connectives. We treat one case, leaving the others as an exercise. Consider 
the ($\supset$:left) rule: 


$$\frac{\Gamma, \Delta \to A, \Lambda \qquad B, \Gamma, \Delta \to \Lambda}{\Gamma, (A \supset B), \Delta \to \Lambda}$$ 


For every valuation v, v falsifies the conclusion if and only if v satisfies 
all propositions in $\Gamma$ and $\Delta$, and satisfies $(A \supset B)$, and falsifies all propositions 
in $\Lambda$. From the truth table of $(A \supset B)$, v satisfies $(A \supset B)$ if either v falsifies 
A, or v satisfies B. Hence, v falsifies the conclusion if and only if, either 


(1) v satisfies $\Gamma$ and $\Delta$, and falsifies A and $\Lambda$, or 


(2) v satisfies B, $\Gamma$ and $\Delta$, and falsifies $\Lambda$. 


3.4.4 Axioms, Deduction Trees, Proof Trees, Counter 
Example Trees 


The central concept in any proof system is the notion of proof. First, we 
define the axioms of the system G'. 


Definition 3.4.4 An axiom is any sequent $\Gamma \to \Delta$ such that $\Gamma$ and $\Delta$ 
contain some common proposition. 


Lemma 3.4.2 No axiom is falsifiable. Equivalently, every axiom is valid. 


Proof: The lemma follows from the fact that in order to falsify an axiom, 
a valuation would have to make some proposition true on the left hand side, 
and that same proposition false on the right hand side, which is impossible. 


Proof trees are given by the following inductive definition. 
Definition 3.4.5 The set of proof trees is the least set of trees containing all 
one-node trees labeled with an axiom, and closed under the rules of definition 
3.4.2 in the following sense: 


(1) For any proof tree $T_1$ whose root is labeled with a sequent $\Gamma \to \Delta$, 
for any instance of a one-premise inference rule with premise $\Gamma \to \Delta$ and 
conclusion $\Lambda \to \Theta$, the tree T whose root is labeled with $\Lambda \to \Theta$ and whose 
subtree $T/1$ is equal to $T_1$ is a proof tree. 


(2) For any two proof trees $T_1$ and $T_2$ whose roots are labeled with 
sequents $\Gamma \to \Delta$ and $\Gamma' \to \Delta'$ respectively, for every instance of a two-premise 
inference rule with premises $\Gamma \to \Delta$ and $\Gamma' \to \Delta'$ and conclusion $\Lambda \to \Theta$, the 
tree T whose root is labeled with $\Lambda \to \Theta$ and whose subtrees $T/1$ and $T/2$ 
are equal to $T_1$ and $T_2$ respectively is a proof tree. 


The set of deduction trees is defined inductively as the least set of trees 
containing all one-node trees (not necessarily labeled with an axiom), and 
closed under (1) and (2) as above. 

A deduction tree such that some leaf is labeled with a sequent $\Gamma \to \Delta$ 
where $\Gamma$, $\Delta$ consist of propositional letters and are disjoint is called a counter- 
example tree. The sequent labeling the root of a proof tree (deduction tree) is 
called the conclusion of the proof tree (deduction tree). A sequent is provable 
iff there exists a proof tree of which it is the conclusion. If a sequent $\Gamma \to \Delta$ 
is provable, this is denoted by 


$\vdash \Gamma \to \Delta$. 


EXAMPLE 3.4.3 
The deduction tree below is a proof tree. 


$P, \lnot Q \to P \qquad\qquad\quad Q \to Q, \lnot P$ 
$\lnot Q \to \lnot P, P \qquad\qquad \lnot Q, Q \to \lnot P$ 
$\to P, (\lnot Q \supset \lnot P) \qquad Q \to (\lnot Q \supset \lnot P)$ 
$\qquad (P \supset Q) \to (\lnot Q \supset \lnot P)$ 
$\qquad \to (P \supset Q) \supset (\lnot Q \supset \lnot P)$ 


The above tree is a proof tree obtained from the proof tree 


$P, \lnot Q \to P \qquad\qquad\quad Q \to Q, \lnot P$ 
$\lnot Q \to \lnot P, P \qquad\qquad \lnot Q, Q \to \lnot P$ 
$\to P, (\lnot Q \supset \lnot P) \qquad Q \to (\lnot Q \supset \lnot P)$ 
$\qquad (P \supset Q) \to (\lnot Q \supset \lnot P)$ 


and the rule 


$$\frac{(P \supset Q) \to (\lnot Q \supset \lnot P)}{\to (P \supset Q) \supset (\lnot Q \supset \lnot P)}$$ 


In contrast, the deduction tree below is a counter-example tree. 


$\qquad\qquad\qquad\quad Q \to P$ 
$\qquad\qquad\qquad\quad Q, \lnot P \to$ 
$P \to Q \qquad\qquad \lnot P \to \lnot Q$ 
$\to (P \supset Q) \qquad \to (\lnot P \supset \lnot Q)$ 
$\qquad \to (P \supset Q) \land (\lnot P \supset \lnot Q)$ 


The above tree is obtained from the two counter-example trees 


$\qquad\qquad\qquad\quad Q \to P$ 
$\qquad\qquad\qquad\quad Q, \lnot P \to$ 
$P \to Q \qquad\qquad \lnot P \to \lnot Q$ 
$\to (P \supset Q) \qquad \to (\lnot P \supset \lnot Q)$ 


and the rule 


$$\frac{\to (P \supset Q) \qquad \to (\lnot P \supset \lnot Q)}{\to (P \supset Q) \land (\lnot P \supset \lnot Q)}$$ 


It is easily shown that a deduction tree T is a proof tree if and only if 
every leaf sequent of T is an axiom. 


Since proof trees (and deduction trees) are defined inductively, the in- 
duction principle applies. As an application, we now show that every provable 
sequent is valid. 


3.4.5 Soundness of the Gentzen System G’ 


Lemma 3.4.3 Soundness of the system G'. If a sequent $\Gamma \to \Delta$ is provable, 
then it is valid. 


Proof: We use the induction principle applied to proof trees. By lemma 
3.4.2, every one-node proof tree (axiom) is valid. There are two cases in the 
induction step. 


Case 1: The root of the proof tree T has a single descendant. In this 
case, T is obtained from some proof tree $T_1$ and some instance of a rule 


$$\frac{S_1}{S_2}$$ 


By the induction hypothesis, $S_1$ is valid. Since by lemma 3.4.1, $S_1$ is valid if 
and only if $S_2$ is valid, lemma 3.4.3 holds. 


Case 2: The root of the proof tree T has two descendants. In this case, 
T is obtained from two proof trees $T_1$ and $T_2$ and some instance of a rule 


$$\frac{S_1 \qquad S_2}{S_3}$$ 


By the induction hypothesis, both $S_1$ and $S_2$ are valid. Since by lemma 3.4.1, 
$S_3$ is valid if and only if both $S_1$ and $S_2$ are, lemma 3.4.3 holds. 


Next, we shall prove the fundamental theorem for the propositional se- 
quent calculus G’. Roughly speaking, the fundamental theorem states that 
there exists a procedure for constructing a candidate counter-example tree, 
and that this procedure always terminates (is an algorithm). If the original 
sequent is valid, the algorithm terminates with a tree which is in fact a proof 
tree. Otherwise, the counter-example tree yields a falsifying valuation (in fact, 
all falsifying valuations). The fundamental theorem implies immediately the 
completeness of the sequent calculus G’. 


3.4.6 The Search Procedure 


The algorithm searching for a candidate counter-example tree builds this tree 
in a systematic fashion. We describe an algorithm that builds the tree in 
a breadth-first fashion. Note that other strategies for building such a tree 
could be used (depth-first, in particular). A breadth-first expansion strat- 
egy was chosen because it is the strategy that works when we generalize the 
search procedure to infinite sequents. We will name this algorithm the search 
procedure. 


Let us call a leaf of a tree finished iff the sequent labeling it is either an 
axiom, or all propositions in it are propositional symbols. We assume that a 
boolean function named finished testing whether a leaf is finished is available. 
A proposition that is a propositional symbol will be called atomic, and other 
propositions will be called nonatomic. A tree is finished when all its leaves 
are finished. 


The procedure search traverses all leaves of the tree from left to right as 
long as not all of them are finished. For every unfinished leaf, the procedure 
expand is called. Procedure expand builds a subtree by applying the appro- 
priate inference rule to every nonatomic proposition in the sequent labeling 
that leaf (proceeding from left to right). When the tree is finished, that is 
when all leaves are finished, either all leaves are labeled with axioms or some 
of the leaves are falsifiable. In the first case we have a proof tree, and in the 
second, all falsifying valuations can be found. 


Definition 3.4.6 Procedure search. The input to search is a one-node 
tree labeled with a sequent $\Gamma \to \Delta$. The output is a finished tree T called a 
systematic deduction tree. 
Procedure Search 


procedure search($\Gamma \to \Delta$ : sequent; var T : tree); 
begin 
  let T be the one-node tree labeled with $\Gamma \to \Delta$; 
  while not all leaves of T are finished do 
    $T_0$ := T; 
    for each leaf node of $T_0$ 
      (in lexicographic order of tree addresses) do 
      if not finished(node) then 
        expand(node, T) 
      endif 
    endfor 
  endwhile; 
  if all leaves are axioms 
  then 
    write ('T is a proof of $\Gamma \to \Delta$') 
  else 
    write ('$\Gamma \to \Delta$ is falsifiable') 
  endif 
end 


Procedure Expand 


procedure expand(node : tree-address; var T : tree); 
begin 
  let $A_1, \ldots, A_m \to B_1, \ldots, B_n$ be the label of node; 
  let S be the one-node tree labeled with 
    $A_1, \ldots, A_m \to B_1, \ldots, B_n$; 
  for i := 1 to m do 
    if nonatomic($A_i$) then 
      S := the new tree obtained from S by 
           applying to the descendant of $A_i$ in 
           every nonaxiom leaf of S the 
           left rule applicable to $A_i$; 
    endif 
  endfor; 
  for i := 1 to n do 
    if nonatomic($B_i$) then 
      S := the new tree obtained from S by 
           applying to the descendant of $B_i$ in 
           every nonaxiom leaf of S the 
           right rule applicable to $B_i$; 
    endif 
  endfor; 
  T := dosubstitution(T, node, S) 
end 




The function dosubstitution yields the tree $T[node \leftarrow S]$ obtained by 
substituting the tree S at the address node in the tree T. Since a sequent 
$A_1, \ldots, A_m \to B_1, \ldots, B_n$ is processed from left to right, if the propositions 
$A_1, \ldots, A_{i-1}$ have been expanded so far, since the propositions $A_i, \ldots, A_m$, 
$B_1, \ldots, B_n$ are copied unchanged, every leaf of the tree S obtained so far is 
of the form $\Gamma, A_i, \ldots, A_m \to \Delta, B_1, \ldots, B_n$. The occurrence of $A_i$ following $\Gamma$ 
is called the descendant of $A_i$ in the sequent. Similarly, if the propositions 
$A_1, \ldots, A_m, B_1, \ldots, B_{i-1}$ have been expanded so far, every leaf of S is of the 
form $\Gamma \to \Delta, B_i, \ldots, B_n$, and the occurrence of $B_i$ following $\Delta$ is called the 
descendant of $B_i$ in the sequent. Note that the two for loops may yield a tree 
S of depth m + n. 


A call to procedure expand is also called an expansion step. A round is 
the sequence of expansion calls performed during the for loop in procedure 
search, in which each unfinished leaf of the tree ($T_0$) is expanded. Note that 
if we change the function finished so that a leaf is finished if all propositions 
in the sequent labeling it are propositional symbols, the procedure search will 
produce trees in which leaves labeled with axioms also consist of sequents in 
which all propositions are atomic. Trees obtained in this fashion are called 
atomically closed. 
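The search procedure of Definition 3.4.6, together with the falsification reading of the leaves, as an added runnable example (this is not code from the book; the tuple encoding of propositions, the dictionary representation of trees and the function names are choices made here). Instead of the book's breadth-first rounds and the descendant bookkeeping of `expand`, it expands one leaf at a time, taking as principal formula the leftmost nonatomic proposition, antecedent first; since every rule preserves the falsifying valuations (Lemma 3.4.1), the finished tree still decides validity and still yields every falsifying valuation. The three sequents at the end are those of Examples 3.4.1, 3.4.3 and 3.4.4, and `claim_holds` checks by brute force the claim proved in Theorem 3.4.1 below, that a valuation falsifies the root exactly when it falsifies some leaf.

```python
# Added example, not code from the book: a runnable version of the search
# procedure of Definition 3.4.6 for the Gentzen system G'.  Propositions are
# nested tuples ("var", "P"), ("not", A), ("and", A, B), ("or", A, B),
# ("imp", A, B); a sequent is a pair of lists (antecedent, succedent).
# Instead of the book's breadth-first rounds this version expands one leaf at
# a time, taking as principal formula the leftmost nonatomic proposition
# (antecedent first); by Lemma 3.4.1 the outcome (proof tree, or the set of
# falsifying valuations) is the same.
import itertools

def is_axiom(ante, succ):
    # Definition 3.4.4: some proposition occurs on both sides
    return any(a == b for a in ante for b in succ)

def apply_rule(ante, succ):
    """Premises of the rule of Definition 3.4.2 for the leftmost nonatomic
    proposition, as (rule name, [premise sequents]); None if all are atomic.
    Side formulae are placed exactly where the rules put them."""
    for i, p in enumerate(ante):
        if p[0] == "var":
            continue
        G, D = ante[:i], ante[i + 1:]
        if p[0] == "and":
            return "and:left", [(G + [p[1], p[2]] + D, succ)]
        if p[0] == "or":
            return "or:left", [(G + [p[1]] + D, succ), (G + [p[2]] + D, succ)]
        if p[0] == "imp":
            return "imp:left", [(G + D, [p[1]] + succ), ([p[2]] + G + D, succ)]
        return "not:left", [(G + D, [p[1]] + succ)]          # connective is "not"
    for j, p in enumerate(succ):
        if p[0] == "var":
            continue
        D, L = succ[:j], succ[j + 1:]
        if p[0] == "and":
            return "and:right", [(ante, D + [p[1]] + L), (ante, D + [p[2]] + L)]
        if p[0] == "or":
            return "or:right", [(ante, D + [p[1], p[2]] + L)]
        if p[0] == "imp":
            return "imp:right", [([p[1]] + ante, D + [p[2]] + L)]
        return "not:right", [([p[1]] + ante, D + L)]          # connective is "not"
    return None

def search(ante, succ):
    """Finished deduction tree for ante -> succ as nested dicts.  A leaf is
    finished when it is an axiom or contains only propositional symbols."""
    ante, succ = list(ante), list(succ)
    node = {"sequent": (ante, succ), "rule": None, "children": []}
    step = None if is_axiom(ante, succ) else apply_rule(ante, succ)
    if step is not None:
        node["rule"], premises = step
        node["children"] = [search(a, s) for a, s in premises]
    return node

def leaves(tree):
    if not tree["children"]:
        return [tree["sequent"]]
    return [leaf for c in tree["children"] for leaf in leaves(c)]

def is_proof_tree(tree):
    return all(is_axiom(a, s) for a, s in leaves(tree))

def falsifying_valuations(tree):
    """Each non-axiom leaf P1..Pm -> Q1..Qn is atomic with disjoint sides,
    so 'all Pi true, all Qj false' is a consistent (partial) valuation."""
    out = []
    for a, s in leaves(tree):
        if not is_axiom(a, s):
            v = {p[1]: True for p in a}
            v.update({q[1]: False for q in s})
            out.append(v)
    return out

def evaluate(p, v):
    if p[0] == "var":
        return v[p[1]]
    if p[0] == "not":
        return not evaluate(p[1], v)
    a, b = evaluate(p[1], v), evaluate(p[2], v)
    return {"and": a and b, "or": a or b, "imp": (not a) or b}[p[0]]

def falsifies(v, ante, succ):
    # Definition 3.4.3: all antecedent propositions true, all succedent false
    return all(evaluate(a, v) for a in ante) and not any(evaluate(b, v) for b in succ)

def claim_holds(tree, symbols):
    """Brute-force check of the claim in the proof of Theorem 3.4.1: v
    falsifies the root iff v falsifies some leaf, for every valuation v."""
    for bits in itertools.product([False, True], repeat=len(symbols)):
        v = dict(zip(symbols, bits))
        if falsifies(v, *tree["sequent"]) != any(falsifies(v, a, s) for a, s in leaves(tree)):
            return False
    return True

P, Q, R, S, T = (("var", x) for x in "PQRST")
EX_341 = search([], [("imp", ("imp", P, Q), ("imp", ("not", Q), ("not", P)))])  # Example 3.4.1, valid
EX_343 = search([], [("and", ("imp", P, Q), ("imp", ("not", P), ("not", Q)))])  # Example 3.4.3, falsifiable
EX_344 = search([("and", P, ("not", Q)), ("imp", P, Q), ("imp", T, R), ("and", P, S)], [T])  # Example 3.4.4
```

`EX_341` and `EX_344` are proof trees (every leaf is an axiom), while `EX_343` has the two non-axiom leaves $P \to Q$ and $Q \to P$, which give exactly the two falsifying valuations $P = T, Q = F$ and $P = F, Q = T$ of Example 3.4.3's counter-example tree.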


EXAMPLE 3.4.4 


Let us trace the construction of the systematic deduction tree (which is 
a proof tree) for the sequent 


$(P \land \lnot Q), (P \supset Q), (T \supset R), (P \land S) \to T$. 


The following tree is obtained at the end of the first round: 


$Q, P, \lnot Q, P, S \to T, T \qquad\qquad R, Q, P, \lnot Q, P, S \to T$ 


$Q, P, \lnot Q, (P \land S) \to T, T \qquad\quad R, Q, P, \lnot Q, (P \land S) \to T$ 


$\Gamma \to \Delta \qquad\qquad Q, P, \lnot Q, (T \supset R), (P \land S) \to T$ 


$P, \lnot Q, (P \supset Q), (T \supset R), (P \land S) \to T$ 


$(P \land \lnot Q), (P \supset Q), (T \supset R), (P \land S) \to T$ 


where $\Gamma \to \Delta = P, \lnot Q, (T \supset R), (P \land S) \to P, T$. 


The leaves $Q, P, \lnot Q, P, S \to T, T$ and $R, Q, P, \lnot Q, P, S \to T$ are not 
axioms (yet). Note how the same rule was applied to $(P \land S)$ in the 
nodes labeled $Q, P, \lnot Q, (P \land S) \to T, T$ and $R, Q, P, \lnot Q, (P \land S) \to T$, 
because these occurrences are descendants of $(P \land S)$ in $(P \land \lnot Q), (P \supset 
Q), (T \supset R), (P \land S) \to T$. After the end of the second round, we have 
the following tree, which is a proof tree. 


$Q, P, P, S \to Q, T, T \qquad\qquad R, Q, P, P, S \to Q, T$ 
$Q, P, \lnot Q, P, S \to T, T \qquad\qquad R, Q, P, \lnot Q, P, S \to T$ 


$Q, P, \lnot Q, (P \land S) \to T, T \qquad\quad R, Q, P, \lnot Q, (P \land S) \to T$ 


$\Gamma \to \Delta \qquad\qquad Q, P, \lnot Q, (T \supset R), (P \land S) \to T$ 


$P, \lnot Q, (P \supset Q), (T \supset R), (P \land S) \to T$ 


$(P \land \lnot Q), (P \supset Q), (T \supset R), (P \land S) \to T$ 


where $\Gamma \to \Delta = P, \lnot Q, (T \supset R), (P \land S) \to P, T$. 


It should also be noted that the algorithm of definition 3.4.6 could be 
made more efficient. For example, during a round through a sequent we 
could delay the application of two-premise rules. This can be achieved if a 
two-premise rule is applied only if a sequent does not contain propositions to 
which a one-premise rule applies. Otherwise the expand procedure is called 
only for those propositions to which a one-premise rule applies. In this fashion, 
smaller trees are usually obtained. For more details, see problem 3.4.13. 


3.4.7 Completeness of the Gentzen System G’ 


We are now ready to prove the fundamental theorem of this section. 


Theorem 3.4.1 The procedure search terminates for every finite input se- 
quent. If the input sequent [ — A is valid, procedure search produces a 
proof tree for T — A; if [ — A is falsifiable, search produces a tree from 
which all falsifying valuations can be found. 


Proof: Define the complexity of a proposition A as the number of logical 
connectives occurring in A (hence, propositional symbols have complexity 0). 
Given a sequent A1,...,Am → B1,...,Bn, define its complexity as the sum 
of the complexities of A1,...,Am,B1,...,Bn. Then, observe that for every 
call to procedure expand, the complexity of every upper sequent involved in 
applying a rule is strictly smaller than the complexity of the lower sequent 
(to which the rule is applied). Hence, either all leaves will become axioms or 
their complexity will become 0, which means that the while loop will always 
terminate. This proves termination. We now prove the following claim. 


Claim: Given any deduction tree T, a valuation v falsifies the sequent 
Γ → Δ labeling the root of T if and only if v falsifies some sequent labeling a 
leaf of T. 


Proof of claim: We use the induction principle for deduction trees. In 
case of a one-node tree, the claim is obvious. Otherwise, the deduction tree 
is either of the form 

        T1
        S2
      ------
        S1

where the bottom part of the tree is a one-premise rule, or of the form 

     T2      T3
     S2      S3
    ------------
         S1

where the bottom part of the tree is a two-premise rule. We consider the 
second case, the first one being similar. By the induction hypothesis, v falsifies 
S2 if and only if v falsifies some leaf of T2, and v falsifies S3 if and only if v 
falsifies some leaf of T3. By lemma 3.4.1, v falsifies S1 if and only if v falsifies 
S2 or S3. Hence, v falsifies S1 if and only if either v falsifies some leaf of T2 
or some leaf of T3, that is, v falsifies some leaf of T. 


As a consequence of the claim, the sequent Γ → Δ labeling the root 
of the deduction tree is valid, if and only if all leaf sequents are valid. It is 
easy to check that search builds a deduction tree (in a breadth-first fashion). 
Now, either Γ → Δ is falsifiable, or it is valid. In the first case, by the 
above claim, if v falsifies Γ → Δ, then v falsifies some leaf sequent of the 
deduction tree T. By the definition of finished, such a leaf sequent must be 
of the form P1,...,Pm → Q1,...,Qn where the Pi and Qj are propositional 
symbols, and the sets {P1,...,Pm} and {Q1,...,Qn} are disjoint since the 
sequent is not an axiom. Hence, if Γ → Δ is falsifiable, the deduction tree 
T is not a proof tree. Conversely, if T is not a proof tree, some leaf sequent 
of T is not an axiom. By the definition of finished, this sequent must be 
of the form P1,...,Pm → Q1,...,Qn where the Pi and Qj are propositional 
symbols, and the sets {P1,...,Pm} and {Q1,...,Qn} are disjoint. The valuation 
v which makes every Pi true and every Qj false falsifies the leaf sequent 
P1,...,Pm → Q1,...,Qn, and by the above claim, it also falsifies the sequent 
Γ → Δ. Therefore, we have shown that Γ → Δ is falsifiable if and only if 
the deduction tree T is not a proof tree, or equivalently, that Γ → Δ is valid 
if and only if the deduction tree T is a proof tree. Furthermore, the above 
proof also showed that if the deduction tree T is not a proof tree, all falsifying 
valuations for Γ → Δ can be found by inspecting the nonaxiom leaves of T. 


Corollary Completeness of G'. Every valid sequent is provable. Further- 
more, there is an algorithm for deciding whether a sequent is valid and if so, 
a proof tree is obtained. 


As an application of the main theorem we obtain an algorithm to convert 
a proposition to conjunctive (or disjunctive) normal form. 
3.4.8 Conjunctive and Disjunctive Normal Form 


Definition 3.4.7 A proposition A is in conjunctive normal form (for short, 
CNF) if it is a conjunction C1 ∧ ... ∧ Cm of disjunctions Ci = B_{i,1} ∨ ... ∨ B_{i,n_i}, 
where each B_{i,j} is either a propositional symbol P or the negation ¬P of 
a propositional symbol. A proposition A is in disjunctive normal form (for 
short, DNF) if it is a disjunction C1 ∨ ... ∨ Cm of conjunctions Ci = B_{i,1} ∧ 
... ∧ B_{i,n_i}, where each B_{i,j} is either a propositional symbol P or the negation 
¬P of a propositional symbol. 


Theorem 3.4.2 For every proposition A, a proposition A' in conjunctive 
normal form can be found such that ⊨ A ≡ A'. Similarly, a proposition A'' 
in disjunctive normal form can be found such that ⊨ A ≡ A''. 


Proof: Starting with the input sequent → A, let T be the tree given 
by the algorithm search. By theorem 3.4.1, either A is valid in which case 
all leaves are axioms, or A is falsifiable. In the first case, let A' = P ∨ ¬P. 
Clearly, ⊨ A ≡ A'. In the second case, the proof of theorem 3.4.1 shows that 
a valuation v makes A true if and only if it makes every leaf sequent true. For 
every nonaxiom leaf sequent A1,...,Am → B1,...,Bn, let 

    C = ¬A1 ∨ ... ∨ ¬Am ∨ B1 ∨ ... ∨ Bn 

and let A' be the conjunction of these propositions. Clearly, a valuation v 
makes A' true if and only if it makes every nonaxiom leaf sequent A1,...,Am → 
B1,...,Bn true, if and only if it makes A true. Hence, ⊨ A ≡ A'. 


To get an equivalent proposition in disjunctive normal form, start with 
the sequent A → . Then, a valuation v makes A → false if and only if v makes 
at least some of the sequent leaves false. Also, v makes A → false if and only 
if v makes A true. For every nonaxiom sequent leaf A1,...,Am → B1,...,Bn, 
let 

    C = A1 ∧ ... ∧ Am ∧ ¬B1 ∧ ... ∧ ¬Bn 

and let A'' be the disjunction of these propositions. We leave as an exercise 
to check that a valuation v makes some of the nonaxiom leaves false if and 
only if it makes the disjunction A'' true. Hence ⊨ A ≡ A''. 


EXAMPLE 3.4.5 


Counter-example tree for 

    → (¬P ⊃ Q) ⊃ (¬R ⊃ S). 

    P → R,S
    → R,S,¬P              Q → R,S
    ¬R → S,¬P             ¬R,Q → S
    → ¬P,¬R ⊃ S           Q → ¬R ⊃ S
          ¬P ⊃ Q → ¬R ⊃ S
        → (¬P ⊃ Q) ⊃ (¬R ⊃ S)


An equivalent proposition in conjunctive normal form is: 

    (¬Q ∨ R ∨ S) ∧ (¬P ∨ R ∨ S). 


EXAMPLE 3.4.6 


Counter-example tree for 

    (¬P ⊃ Q) ⊃ (¬R ⊃ S) → . 

    → P,Q                 R →
    ¬P → Q                → ¬R          S →
    → ¬P ⊃ Q              ¬R ⊃ S →
         (¬P ⊃ Q) ⊃ (¬R ⊃ S) →


An equivalent proposition in disjunctive normal form is: 

    S ∨ R ∨ (¬P ∧ ¬Q). 
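The search procedure of definition 3.4.6 and the CNF/DNF extraction of theorem 3.4.2, as an added example that is not code from the book; it assumes the tuple encoding of propositions described in its header comment, and reproduces examples 3.4.4, 3.4.5 and 3.4.6.

```python
# Added example, not code from the book: the search procedure of definition 3.4.6
# on finite sequents, and the CNF/DNF extraction of theorem 3.4.2. Encoding
# (an assumption of this example): a propositional symbol is a plain string,
# ¬A is ('not', A), and A ∧ B, A ∨ B, A ⊃ B are ('and', A, B), ('or', A, B), ('imp', A, B).

def fmt(p):
    """Render a proposition, e.g. ('imp', ('not', 'P'), 'Q') -> '(¬P ⊃ Q)'."""
    if isinstance(p, str):
        return p
    if p[0] == 'not':
        return '¬' + fmt(p[1])
    return '(' + fmt(p[1]) + {'and': ' ∧ ', 'or': ' ∨ ', 'imp': ' ⊃ '}[p[0]] + fmt(p[2]) + ')'

def is_axiom(gamma, delta):
    """Γ → Δ is an axiom when some proposition occurs on both sides."""
    return any(a in delta for a in gamma)

def apply_rule(gamma, delta):
    """Apply the G' rule for the leftmost nonatomic proposition (antecedent first,
    then succedent). Returns the list of upper sequents, or None when every
    proposition is atomic (the leaf is finished)."""
    for i, a in enumerate(gamma):
        if isinstance(a, str):
            continue
        before, after = gamma[:i], gamma[i + 1:]
        if a[0] == 'not':    # ¬:left   Γ,Δ → A,Λ
            return [(before + after, delta + [a[1]])]
        if a[0] == 'and':    # ∧:left   Γ,A,B,Δ → Λ
            return [(before + [a[1], a[2]] + after, delta)]
        if a[0] == 'or':     # ∨:left   Γ,A,Δ → Λ     Γ,B,Δ → Λ
            return [(before + [a[1]] + after, delta), (before + [a[2]] + after, delta)]
        if a[0] == 'imp':    # ⊃:left   Γ,Δ → A,Λ     B,Γ,Δ → Λ
            return [(before + after, [a[1]] + delta), ([a[2]] + before + after, delta)]
    for i, b in enumerate(delta):
        if isinstance(b, str):
            continue
        before, after = delta[:i], delta[i + 1:]
        if b[0] == 'not':    # ¬:right  A,Γ → Δ,Λ
            return [([b[1]] + gamma, before + after)]
        if b[0] == 'or':     # ∨:right  Γ → Δ,A,B,Λ
            return [(gamma, before + [b[1], b[2]] + after)]
        if b[0] == 'and':    # ∧:right  Γ → Δ,A,Λ     Γ → Δ,B,Λ
            return [(gamma, before + [b[1]] + after), (gamma, before + [b[2]] + after)]
        if b[0] == 'imp':    # ⊃:right  A,Γ → B,Δ,Λ
            return [([b[1]] + gamma, [b[2]] + before + after)]
    return None

def search(gamma, delta):
    """Build the deduction tree for Γ → Δ and return its nonaxiom leaves as
    (antecedent atoms, succedent atoms) pairs. Each rule strictly lowers the number
    of connectives, so the recursion terminates (theorem 3.4.1); an empty result
    means every leaf is an axiom, i.e. the tree is a proof tree."""
    if is_axiom(gamma, delta):
        return []
    upper = apply_rule(gamma, delta)
    if upper is None:
        return [(tuple(gamma), tuple(delta))]
    return [leaf for g, d in upper for leaf in search(g, d)]

def is_valid(gamma, delta):
    return search(gamma, delta) == []

def falsifying_valuations(gamma, delta):
    """Theorem 3.4.1: a nonaxiom leaf P1..Pm → Q1..Qn gives the valuations with every
    Pi true and every Qj false (symbols not mentioned may take either value)."""
    return [dict([(p, True) for p in g] + [(q, False) for q in d])
            for g, d in search(gamma, delta)]

def cnf(a):
    """Theorem 3.4.2: CNF of A as a list of clauses read off the tree for → A;
    a nonaxiom leaf A1..Am → B1..Bn gives the clause ¬A1 ∨ ... ∨ ¬Am ∨ B1 ∨ ... ∨ Bn."""
    leaves = search([], [a])
    if not leaves:                    # A is valid: take P ∨ ¬P
        return [['P', ('not', 'P')]]
    return [[('not', p) for p in g] + list(d) for g, d in leaves]

def dnf(a):
    """Theorem 3.4.2, dual form: from the tree for A → , a nonaxiom leaf gives the
    conjunct A1 ∧ ... ∧ Am ∧ ¬B1 ∧ ... ∧ ¬Bn. When A → is provable, A is
    unsatisfiable and the single conjunct P ∧ ¬P is returned."""
    leaves = search([a], [])
    if not leaves:
        return [['P', ('not', 'P')]]
    return [list(g) + [('not', q) for q in d] for g, d in leaves]

def show_normal_form(terms, inner, outer):
    """Render clauses/conjuncts, e.g. show_normal_form(cnf(A), ' ∨ ', ' ∧ ')."""
    return outer.join('(' + inner.join(fmt(x) for x in t) + ')' for t in terms)

if __name__ == '__main__':
    P, Q, R, S, T = 'P', 'Q', 'R', 'S', 'T'
    # Example 3.4.4: a valid sequent, so search yields a proof tree (no nonaxiom leaves)
    print(is_valid([('and', P, ('not', Q)), ('imp', P, Q), ('imp', T, R), ('and', P, S)], [T]))
    # Examples 3.4.5 and 3.4.6: counter-example trees for (¬P ⊃ Q) ⊃ (¬R ⊃ S)
    A = ('imp', ('imp', ('not', P), Q), ('imp', ('not', R), S))
    print(show_normal_form(cnf(A), ' ∨ ', ' ∧ '))   # (¬P ∨ S ∨ R) ∧ (¬Q ∨ S ∨ R)
    print(show_normal_form(dnf(A), ' ∧ ', ' ∨ '))   # (¬Q ∧ ¬P) ∨ (R) ∨ (S)
    print(falsifying_valuations([], [A]))
```

The clause order differs from the book's only by the order in which rules were applied (commutativity).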


We present below another method for converting a proposition to con- 
junctive normal form that does not rely on the construction of a deduction 
tree. This method is also useful in conjunction with the resolution method 
presented in Chapter 4. First, we define the negation normal form of a propo- 
sition. 


3.4.9 Negation Normal Form 


The set of propositions in negation normal form is given by the following 
inductive definition. 


Definition 3.4.8 The set of propositions in negation normal form (for short, 
NNF) is the inductive closure of the set of propositions {P, ¬P | P ∈ PS} 
under the constructors C∨ and C∧. 

More informally, propositions in NNF are defined as follows: 
(1) For every propositional letter P, P and ¬P are in NNF; 
(2) If A and B are in NNF, then (A ∨ B) and (A ∧ B) are in NNF. 


Lemma 3.4.4 Every proposition is equivalent to a proposition in NNF. 


Proof: By theorem 3.3.1, we can assume that the proposition A is ex- 
pressed only in terms of the connectives ∨, ∧ and ¬. The rest of the proof 
proceeds by induction on the number of connectives. By clause (1) of defi- 
nition 3.4.8, every propositional letter is in NNF. Let A be of the form ¬B. 
If B is a propositional letter, by clause (1) of definition 3.4.8, the property 
holds. If B is of the form ¬C, by lemma 3.3.6, ¬¬C is equivalent to C; by 
the induction hypothesis, C is equivalent to a proposition C' in NNF, and by 
lemma 3.3.5, A is equivalent to C', a proposition in NNF. If B is of the form 
(C ∨ D), by lemma 3.3.6, ¬(C ∨ D) is equivalent to (¬C ∧ ¬D). Note that 
both ¬C and ¬D have fewer connectives than A. Hence, by the induction 
hypothesis, ¬C and ¬D are equivalent to propositions C' and D' in NNF. By 
lemma 3.3.5, A is equivalent to (C' ∧ D'), which is in NNF. If B is of the 
form (C ∧ D), by lemma 3.3.6, ¬(C ∧ D) is equivalent to (¬C ∨ ¬D). As in 
the previous case, by the induction hypothesis, ¬C and ¬D are equivalent to 
propositions C' and D' in NNF. By lemma 3.3.5, A is equivalent to (C' ∨ D'), 
which is in NNF. Finally, if A is of the form (C ∗ D) where ∗ ∈ {∧,∨}, by the 
induction hypothesis, C and D are equivalent to propositions C' and D' in 
NNF, and by lemma 3.3.5, A is equivalent to (C' ∗ D') which is in NNF. 


Lemma 3.4.5 Every proposition A (containing only the connectives ∨, ∧, ¬) 
can be transformed into an equivalent proposition in conjunctive normal form, 
by application of the following identities: 

    ¬¬A ≡ A 
    ¬(A ∧ B) ≡ (¬A ∨ ¬B) 
    ¬(A ∨ B) ≡ (¬A ∧ ¬B) 
    A ∨ (B ∧ C) ≡ (A ∨ B) ∧ (A ∨ C) 
    (B ∧ C) ∨ A ≡ (B ∨ A) ∧ (C ∨ A) 
    (A ∧ B) ∧ C ≡ A ∧ (B ∧ C) 
    (A ∨ B) ∨ C ≡ A ∨ (B ∨ C) 


Proof: The proof of lemma 3.4.4 only uses the first three tautologies. 
Hence, given a proposition A, we can assume that it is already in NNF. We 
prove by induction on propositions that a proposition in NNF can be converted 
to a proposition in CNF using the last four tautologies. If A is either of the 
form P or ¬P, we are done. If A is of the form (B ∨ C) with B and C in NNF, 
by the induction hypothesis both B and C are equivalent to propositions B' 
and C' in CNF. If both B' and C' consist of a single conjunct, (B' ∨ C') is 
a disjunction of propositional letters or negations of propositional letters and 
by lemma 3.3.5, A is equivalent to (B' ∨ C') which is in CNF. Otherwise, let 
B' = B'1 ∧ ... ∧ B'm and C' = C'1 ∧ ... ∧ C'n, with either m > 1 or n > 1. 
By repeated applications of the distributivity and associativity rules (to be 
rigorous, by induction on m + n), 

    (B' ∨ C') = (B'1 ∧ ... ∧ B'm) ∨ (C'1 ∧ ... ∧ C'n) 
              ≡ ((B'1 ∧ ... ∧ B'm) ∨ C'1) ∧ ... ∧ ((B'1 ∧ ... ∧ B'm) ∨ C'n) 
              ≡ ⋀{(B'i ∨ C'j) | 1 ≤ i ≤ m, 1 ≤ j ≤ n}. 

The resulting proposition is in CNF, and by lemma 3.3.5, A is equivalent to a 
proposition in CNF. If A is of the form (B ∧ C) where B and C are in NNF, 
by the induction hypothesis, B and C are equivalent to propositions B' and 
C' in CNF. But then, (B' ∧ C') is in CNF, and by lemma 3.3.5, A is equivalent 
to (B' ∧ C'). 


The conjunctive normal form of a proposition may be simplified by using 
the commutativity rules and the idempotency rules given in lemma 3.3.6. A 
lemma similar to lemma 3.4.5 can be shown for the disjunctive normal form 
of a proposition. 


EXAMPLE 3.4.7 
Consider the proposition 

    A = (¬P ⊃ Q) ⊃ (¬R ⊃ S). 

First, we eliminate ⊃ using the fact that (¬B ∨ C) is equivalent to 
(B ⊃ C). We get 

    (¬(¬¬P ∨ Q)) ∨ (¬¬R ∨ S). 

Then, we put this proposition in NNF. We obtain 

    (¬P ∧ ¬Q) ∨ (R ∨ S). 

Using distributivity we obtain 

    (¬P ∨ R ∨ S) ∧ (¬Q ∨ R ∨ S), 

which is the proposition obtained in example 3.4.5 (up to commutativ- 
ity). However, note that the CNF (or DNF) of a proposition is generally 
not unique. For example, the propositions 

    (P ∨ Q) ∧ (¬P ∨ R)   and   (P ∨ Q) ∧ (¬P ∨ R) ∧ (Q ∨ R) 

are both in CNF and are equivalent. 
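The rewriting route of lemmas 3.4.4 and 3.4.5 (eliminate ⊃, put in NNF, distribute), as an added example that is not code from the book; it assumes the tuple encoding of propositions given in its header comment and follows the steps of example 3.4.7.

```python
# Added example, not code from the book: the rewriting route of lemmas 3.4.4 and 3.4.5
# followed step by step on example 3.4.7. Encoding (an assumption of this example):
# a propositional symbol is a plain string, ¬A is ('not', A), and A ∧ B, A ∨ B, A ⊃ B
# are ('and', A, B), ('or', A, B), ('imp', A, B).

def eliminate_imp(a):
    """Step 1 of example 3.4.7 (theorem 3.3.1): replace (B ⊃ C) by (¬B ∨ C)."""
    if isinstance(a, str):
        return a
    if a[0] == 'not':
        return ('not', eliminate_imp(a[1]))
    b, c = eliminate_imp(a[1]), eliminate_imp(a[2])
    return ('or', ('not', b), c) if a[0] == 'imp' else (a[0], b, c)

def nnf(a):
    """Lemma 3.4.4: push ¬ inward using ¬¬C ≡ C and the two De Morgan identities.
    The input may only contain ∨, ∧ and ¬ (run eliminate_imp first)."""
    if isinstance(a, str):
        return a
    if a[0] in ('and', 'or'):
        return (a[0], nnf(a[1]), nnf(a[2]))
    assert a[0] == 'not', 'eliminate ⊃ before computing the NNF'
    b = a[1]
    if isinstance(b, str):             # ¬P is already in NNF
        return a
    if b[0] == 'not':                  # ¬¬C ≡ C
        return nnf(b[1])
    dual = 'or' if b[0] == 'and' else 'and'   # ¬(C ∧ D) ≡ (¬C ∨ ¬D), ¬(C ∨ D) ≡ (¬C ∧ ¬D)
    return (dual, nnf(('not', b[1])), nnf(('not', b[2])))

def is_nnf(a):
    """Definition 3.4.8: negations occur only directly in front of symbols."""
    if isinstance(a, str):
        return True
    if a[0] == 'not':
        return isinstance(a[1], str)
    return a[0] in ('and', 'or') and is_nnf(a[1]) and is_nnf(a[2])

def cnf_clauses(a):
    """Lemma 3.4.5 on an NNF proposition: a CNF as a list of clauses (lists of literals).
    A conjunction concatenates the clause lists of its parts; for a disjunction (B ∨ C)
    with B' = B1 ∧ ... ∧ Bm and C' = C1 ∧ ... ∧ Cn, distributivity gives the clauses
    (Bi ∨ Cj) for 1 ≤ i ≤ m, 1 ≤ j ≤ n."""
    if isinstance(a, str) or a[0] == 'not':
        return [[a]]
    if a[0] == 'and':
        return cnf_clauses(a[1]) + cnf_clauses(a[2])
    return [bi + cj for bi in cnf_clauses(a[1]) for cj in cnf_clauses(a[2])]

def simplify(clauses):
    """Idempotency and commutativity (lemma 3.3.6): drop repeated literals and clauses."""
    seen, out = set(), []
    for clause in clauses:
        key = frozenset(clause)
        if key not in seen:
            seen.add(key)
            out.append(list(dict.fromkeys(clause)))
    return out

def to_cnf(a):
    """Whole pipeline: eliminate ⊃, put in NNF, distribute, simplify."""
    return simplify(cnf_clauses(nnf(eliminate_imp(a))))

if __name__ == '__main__':
    P, Q, R, S = 'P', 'Q', 'R', 'S'
    A = ('imp', ('imp', ('not', P), Q), ('imp', ('not', R), S))
    print(eliminate_imp(A))        # (¬(¬¬P ∨ Q)) ∨ (¬¬R ∨ S)
    print(nnf(eliminate_imp(A)))   # (¬P ∧ ¬Q) ∨ (R ∨ S)
    print(to_cnf(A))               # clauses [¬P, R, S] and [¬Q, R, S]
```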
3.4.1. Give proof trees for the following tautologies: 

    A ⊃ (B ⊃ A) 
    (A ⊃ B) ⊃ ((A ⊃ (B ⊃ C)) ⊃ (A ⊃ C)) 
    A ⊃ (B ⊃ (A ∧ B)) 
    A ⊃ (A ∨ B)        B ⊃ (A ∨ B) 
    (A ⊃ B) ⊃ ((A ⊃ ¬B) ⊃ ¬A) 
    (A ∧ B) ⊃ A        (A ∧ B) ⊃ B 
    (A ⊃ C) ⊃ ((B ⊃ C) ⊃ ((A ∨ B) ⊃ C)) 
    ¬¬A ⊃ A 


3.4.2. Using counter-example trees, give propositions in conjunctive and dis- 
junctive normal form equivalent to the following propositions: 


    (A ⊃ C) ⊃ ((B ⊃ D) ⊃ ((A ∨ B) ⊃ C)) 
(A > B) D ((BD 7AC) DAA) 


3.4.3. Recall that ⊥ is a constant symbol always interpreted as F. 


(i) Show that the following equivalences are valid. 


(ii) Show that every proposition A is equivalent to a proposition A' 
using only the connective ⊃ and the constant symbol ⊥. 


(iii) Consider the following Gentzen-like rules for propositions over 
the language consisting of the propositional letters, ⊃ and ⊥. 


The symbols Γ, Δ, Λ denote finite arbitrary sequences of propositions 
(possibly empty): 

    Γ,Δ → A,Λ     B,Γ,Δ → Λ          A,Γ → B,Δ,Λ 
    ------------------------         ---------------- 
       Γ,(A ⊃ B),Δ → Λ               Γ → Δ,(A ⊃ B),Λ 

        Γ → Δ,Λ 
    --------------- 
       Γ → Δ,⊥,Λ 
The axioms of this system are all sequents of the form Γ → Δ where 
Γ and Δ contain a common proposition, and all sequents of the form 
Γ,⊥,Δ → Λ. 


(a) Prove that for every valuation v, the conclusion of a rule is fal- 
sifiable if and only if one of the premises is falsifiable, and that the 
axioms are not falsifiable. 


(b) Prove that the above Gentzen-like system is complete. 


(c) Convert (P ⊃ Q) ⊃ (¬Q ⊃ ¬P) to a proposition involving only 
⊃ and ⊥. Give a proof tree for this proposition in the above system. 


3.4.4. Let C and D be propositions and P a propositional letter. Prove that 
the following equivalence (the resolution rule) holds by giving a proof 
tree: 

    (C ∨ P) ∧ (D ∨ ¬P) ≡ (C ∨ P) ∧ (D ∨ ¬P) ∧ (C ∨ D) 

Show that the above also holds if either C or D is missing. 
3.4.5. Give Gentzen-like rules for equivalence (≡). 


3.4.6. Give proof trees for the following tautologies: 

Associativity rules: 
    ((A ∨ B) ∨ C) ≡ (A ∨ (B ∨ C))      ((A ∧ B) ∧ C) ≡ (A ∧ (B ∧ C)) 
Commutativity rules: 
    (A ∨ B) ≡ (B ∨ A)      (A ∧ B) ≡ (B ∧ A) 
Distributivity rules: 
    (A ∨ (B ∧ C)) ≡ ((A ∨ B) ∧ (A ∨ C)) 
    (A ∧ (B ∨ C)) ≡ ((A ∧ B) ∨ (A ∧ C)) 
De Morgan's rules: 
    ¬(A ∨ B) ≡ (¬A ∧ ¬B)      ¬(A ∧ B) ≡ (¬A ∨ ¬B) 
Idempotency rules: 
    (A ∨ A) ≡ A      (A ∧ A) ≡ A 
Double negation rule: 
    ¬¬A ≡ A 
Absorption rules: 
    (A ∨ (A ∧ B)) ≡ A      (A ∧ (A ∨ B)) ≡ A 
Laws of zero and one: 
    (A ∨ ⊥) ≡ A      (A ∧ ⊥) ≡ ⊥ 
    (A ∨ ⊤) ≡ ⊤      (A ∧ ⊤) ≡ A 
    (A ∨ ¬A) ≡ ⊤     (A ∧ ¬A) ≡ ⊥ 


3.4.7. Instead of defining logical equivalence (≃) semantically as in definition 
3.3.6, let us define ≃ proof-theoretically so that, for all A, B ∈ PROP, 

    A ≃ B if and only if ⊢ (A ⊃ B) ∧ (B ⊃ A) in G'. 

Prove that ≃ is an equivalence relation satisfying the properties of 
lemma 3.3.5 (Hence, ≃ is a congruence). 


3.4.8. Give Gentzen-like rules for the connective ⊕ (exclusive-or), where ⊕ 
is the binary truth function defined by the proposition (P ∧ ¬Q) ∨ 
(¬P ∧ Q). 


* 3.4.9. The Hilbert system H for propositional logic is defined below. For 
simplicity, it is assumed that only the connectives ∧, ∨, ⊃ and ¬ are 
used. 


The axioms are all propositions given below, where A, B, C denote 
arbitrary propositions. 
    A ⊃ (B ⊃ A) 
    (A ⊃ B) ⊃ ((A ⊃ (B ⊃ C)) ⊃ (A ⊃ C)) 
    A ⊃ (B ⊃ (A ∧ B)) 
    A ⊃ (A ∨ B),  B ⊃ (A ∨ B) 
    (A ⊃ B) ⊃ ((A ⊃ ¬B) ⊃ ¬A) 
    (A ∧ B) ⊃ A,  (A ∧ B) ⊃ B 
    (A ⊃ C) ⊃ ((B ⊃ C) ⊃ ((A ∨ B) ⊃ C)) 
    ¬¬A ⊃ A 


There is a single inference rule, called modus ponens, given by: 

    A    (A ⊃ B) 
    ------------ 
         B 


Let {A1,...,Am} be any set of propositions. The concept of a de- 
duction tree (in the system H) for a proposition B from the set 
{A1,...,Am} is defined inductively as follows: 


(i) Every one-node tree labeled with an axiom B or a proposition B 
in {A1,...,Am} is a deduction tree of B from {A1,...,Am}. 


(ii) If T1 is a deduction tree of A from {A1,...,Am} and T2 is a de- 
duction tree of (A ⊃ B) from {A1,...,Am}, then the following tree is 
a deduction tree of B from {A1,...,Am}: 

    T1       T2 
    A     (A ⊃ B) 
    ------------- 
          B 
A proof tree is a deduction tree whose leaves are labeled with axioms. 
Given a set {A1,...,Am} of propositions and a proposition B, we use 
the notation A1,...,Am ⊢ B to denote that there is a deduction of B 
from {A1,...,Am}. In particular, if the set {A1,...,Am} is empty, the 
tree is a proof tree and we write ⊢ B. 


(i) Prove that modus ponens is a sound rule, in the sense that if both 
premises are valid, then the conclusion is valid. Prove that the system 
H is sound; that is, every proposition provable in H is valid. 


(ii) Prove that for every proposition A, ⊢ (A ⊃ A). 


Hint: Use the axioms A ⊃ (B ⊃ A) and (A ⊃ B) ⊃ ((A ⊃ (B ⊃ 
C)) ⊃ (A ⊃ C)). 


(iii) Prove the following: 


(a) A1,...,Am ⊢ Ai, for every i, 1 ≤ i ≤ m. 
(b) If A1,...,Am ⊢ Bi for every i, 1 ≤ i ≤ n and 
B1,...,Bn ⊢ C, then A1,...,Am ⊢ C. 


* 3.4.10. In this problem, we are also considering the proof system H of problem 
3.4.9. The deduction theorem states that, for arbitrary propositions 
A1,...,Am, A, B, 

    if A1,...,Am, A ⊢ B, then 
    A1,...,Am ⊢ (A ⊃ B). 


Prove the deduction theorem. 


Hint: Use induction on deduction trees. The base case is relatively 
easy. For the induction step, assume that the deduction tree is of the 
form 

    T1       T2 
    B1    (B1 ⊃ B) 
    ------------- 
          B 

where the leaves are either axioms or occurrences of the propositions 
A1,...,Am, A. By the induction hypothesis, there are deduction trees 
T1' for (A ⊃ B1) and T2' for (A ⊃ (B1 ⊃ B)), where the leaves of T1' 
and T2' are labeled with axioms or the propositions A1,...,Am. Show 
how a deduction tree whose leaves are labeled with axioms or the 
propositions A1,...,Am can be obtained for (A ⊃ B). 


* 3.4.11. In this problem, we are still considering the proof system H of problem 
3.4.9. Prove that the following meta-rules hold about deductions in 
the system H: For all propositions A, B, C and finite sequence Γ of 
propositions (possibly empty), we have: 

            Introduction                          Elimination 

    ⊃   If Γ, A ⊢ B,                          A, (A ⊃ B) ⊢ B 
        then Γ ⊢ (A ⊃ B) 

    ∧   A, B ⊢ (A ∧ B)                        (A ∧ B) ⊢ A 
                                              (A ∧ B) ⊢ B 

    ∨   A ⊢ (A ∨ B)                           If Γ, A ⊢ C and Γ, B ⊢ C 
                                              then Γ, (A ∨ B) ⊢ C 

    ¬   If Γ, A ⊢ B and Γ, A ⊢ ¬B             ¬¬A ⊢ A 
        then Γ ⊢ ¬A                           (double negation elimination) 
        (reductio ad absurdum)                A, ¬A ⊢ B 
                                              (weak negation elimination) 


Hint: Use problem 3.4.9(iii) and the deduction theorem. 


* 3.4.12. In this problem it is shown that the Hilbert system H is complete, by 
proving that for every Gentzen proof T of a sequent → A, where A 
is any proposition, there is a proof in the system H. 


(i) Prove that for arbitrary propositions A1,...,Am, B1,...,Bn, 

(a) in H, for n > 0, 
    A1,...,Am, ¬B1,...,¬Bn ⊢ P ∧ ¬P  if and only if 
    A1,...,Am, ¬B1,...,¬B_{n-1} ⊢ Bn, and 
(b) in H, for m > 0, 
    A1,...,Am, ¬B1,...,¬Bn ⊢ P ∧ ¬P  if and only if 
    A1,...,A_{m-1}, ¬B1,...,¬Bn ⊢ ¬Am. 


(ii) Prove that for any sequent A1,...,Am → B1,...,Bn, if 
    A1,...,Am → B1,...,Bn 
is provable in the Gentzen system G' then 
    A1,...,Am, ¬B1,...,¬Bn ⊢ (P ∧ ¬P) 
is a deduction in the Hilbert system H. Conclude that H is complete. 
Hint: Use problem 3.4.11. 


3.4.13. Consider the modification of the algorithm of definition 3.4.6 obtained 
by postponing applications of two-premise rules. During a round, a 
two-premise rule is applied only if a sequent does not contain proposi- 
tions to which a one-premise rule applies. Otherwise, during a round 
the expand procedure is called only for those propositions to which a 
one-premise rule applies. 


Show that theorem 3.4.1 still holds for the resulting algorithm. Com- 
pare the size of the proof trees obtained from both versions of the 
search algorithm, by trying a few examples. 


3.4.14. Write a computer program (preferably in PASCAL or C) implement- 
ing the search procedure of definition 3.4.6. 


3.5 Proof Theory for Infinite Sequents: Extended Completeness of G' 


In this section, we obtain some important results for propositional logic (ex- 
tended completeness, compactness, model existence) by generalizing the pro- 
cedure search to infinite sequents. 


3.5.1 Infinite Sequents 


We extend the concept of a sequent Γ → Δ by allowing Γ or Δ to be count- 
ably infinite sequences of propositions. The method of this section is very 
important because it can be rather easily adapted to show the completeness 
of a Gentzen system obtained by adding quantifier rules to G' for first-order 
logic (see Chapter 5). 


By suitably modifying the search procedure, we can generalize the main 
theorem (theorem 3.4.1) and obtain both the extended completeness theorem 
and the compactness theorem. The procedure search is no longer an algorithm 
since it can go on forever in some cases. However, if the input sequent is 
valid, a finite proof will be obtained. Also, if the input sequent is falsifiable, 
a falsifying valuation will be (nonconstructively) obtained. 


We will now allow sequents Γ → Δ in which Γ or Δ can be countably 
infinite sequences. It is convenient to assume that Γ is written as A1,...,Am,... 
(possibly infinite to the right) and that Δ is written as B1,...,Bn,... (possibly 
infinite to the right). Hence, a sequent will be denoted as 

    A1,...,Am,... → B1,...,Bn,... 

where the lists on both sides of → are finite or (countably) infinite. 


In order to generalize the search procedure, we need to define the func- 
tions head and tail operating on possibly infinite sequences. Let us denote 
the empty sequence as <>. 

    head(<>) = <>;  otherwise head(A1,...,Am,...) = A1. 
    tail(<>) = <>;  otherwise tail(A1,...,Am,...) = A2,...,Am,.... 

In particular, tail(A1) = <>. The predicate atomic is defined such that 
atomic(A) is true if and only if A is a propositional symbol. 


3.5.2 The Search Procedure for Infinite Sequents 


Every node of the systematic tree constructed by search is still labeled with 
a finite sequent Γ → Δ. We will also use two global variables L and R, which 
are possibly countably infinite sequences of propositions. The initial value of 
L is tail(Γ0) and the initial value of R is tail(Δ0), where Γ0 → Δ0 is the 
initial sequent. 


A leaf of the tree is an axiom (or is closed) iff its label Γ → Δ is an 
axiom. A leaf is finished iff either 

(1) it is closed, or 

(2) the sequences L and R are empty and all propositions in Γ and Δ 
are atomic. 

The new versions of procedures search and expand are given as 
follows. 


Definition 3.5.1 Procedure search. 

    procedure search(Γ0 → Δ0 : sequent; var T : tree); 
    begin 
      L := tail(Γ0); Γ := head(Γ0); 
      R := tail(Δ0); Δ := head(Δ0); 
      let T be the one-node tree labeled with Γ → Δ; 
      while not all leaves of T are finished do 
        T0 := T; 
        for each leaf node of T0 
            (in lexicographic order of tree addresses) do 
          if not finished(node) then 
            expand(node, T) 
          endif 
        endfor; 
        L := tail(L); R := tail(R) 
      endwhile; 
      if all leaves are closed 
        then 
          write ('T is a proof of Γ0 → Δ0') 
        else 
          write ('Γ0 → Δ0 is falsifiable') 
      endif 
    end 


The input to search is a one-node tree labeled with a possibly infinite 
sequent Γ → Δ. Procedure search builds a possibly infinite systematic deduc- 
tion tree using procedure expand. 


Procedure expand is modified as follows: For every leaf u created during 
an expansion step, if Γ → Δ is the label of u, the finite sequent Γ → Δ is 
extended to Γ,head(L) → Δ,head(R). At the end of a round, the heads 
of both L and R are deleted. Hence, every proposition will eventually be 
considered. 


Procedure Expand 

    procedure expand(node : tree-address; var T : tree); 
    begin 
      let A1,...,Am → B1,...,Bn be the label of node; 
      let S be the one-node tree labeled with 
          A1,...,Am → B1,...,Bn; 
      for i := 1 to m do 
        if nonatomic(Ai) then 
          S := the new tree obtained from S by 
               applying to the descendant of Ai in 
               every nonaxiom leaf of S the 
               left rule applicable to Ai; 
               (only the sequent part is modified, 
               L and R are unchanged) 
        endif 
      endfor; 
      for i := 1 to n do 
        if nonatomic(Bi) then 
          S := the new tree obtained from S by 
               applying to the descendant of Bi in 
               every nonaxiom leaf of S the 
               right rule applicable to Bi; 
               (only the sequent part is modified, 
               L and R are unchanged) 
        endif 
      endfor; 
      for each nonaxiom leaf u of S do 
        let Γ → Δ be the label of u; 
        Γ' := Γ, head(L); 
        Δ' := Δ, head(R); 
        create a new leaf u1, son of u, 
            labeled with the sequent Γ' → Δ' 
      endfor; 
      T := dosubstitution(T, node, S) 
    end 


If search terminates with a systematic tree whose leaves are all closed, 
we say that search terminates with a closed tree. Note that a closed tree is 
finite by definition. We will also need the following definitions. 


Definition 3.5.2 Given a possibly infinite sequent Γ → Δ, a valuation v 
falsifies Γ → Δ if 

    v ⊨ A 

for every proposition A in Γ, and 

    v ⊭ B 

for every proposition B in Δ. We say that Γ → Δ is falsifiable. 


A valuation v satisfies Γ → Δ if, whenever 

    v ⊨ A 

for every proposition A in Γ, then there is some proposition B in Δ such that 

    v ⊨ B. 

We say that Γ → Δ is satisfiable. 


The sequent Γ → Δ is valid if it is satisfied by every valuation. This is 
denoted by 

    ⊨ Γ → Δ. 


The sequent Γ → Δ is provable if there exist finite subsequences C1,...,Cm 
and D1,...,Dn of Γ and Δ respectively, such that the finite sequent 

    C1,...,Cm → D1,...,Dn 

is provable. This is denoted by 

    ⊢ Γ → Δ. 


Note that if an infinite sequent is provable, then it is valid. Indeed, if 
Γ → Δ is provable, some subsequent C1,...,Cm → D1,...,Dn is provable, and 
therefore valid. But this implies that Γ → Δ is valid, since D1,...,Dn is a 
subsequence of Δ. 


EXAMPLE 3.5.1 
Consider the sequent Γ0 → Δ0 where 

    Γ0 = < P0, (P0 ⊃ P1), (P1 ⊃ P2), ..., (Pi ⊃ Pi+1), ... > 

and 

    Δ0 = < Q, P3 >. 

Initially, 

    Γ = < P0 >, 
    L = < (P0 ⊃ P1), (P1 ⊃ P2), ..., (Pi ⊃ Pi+1), ... >, 
    Δ = < Q >, and 
    R = < P3 >. 


At the end of the first round, we have the following tree: 

    P0, (P0 ⊃ P1) → Q, P3 
    P0 → Q 

Note how (P0 ⊃ P1), the head of L, was added in the premise of the top 
sequent, and P3, the head of R, was added to the conclusion of the top 
sequent. At the end of this round, 

    L = < (P1 ⊃ P2), ..., (Pi ⊃ Pi+1), ... >  and  R = <>. 


At the end of the second round, we have: 

                                P1, P0, (P1 ⊃ P2) → Q, P3 
    P0 → P0, Q, P3              P1, P0 → Q, P3 
            P0, (P0 ⊃ P1) → Q, P3 
                 P0 → Q 

We have 

    L = < (P2 ⊃ P3), ..., (Pi ⊃ Pi+1), ... >  and  R = <>. 


At the end of the third round, we have the tree: 

                                                  P2, P1, P0, (P2 ⊃ P3) → Q, P3 
                          P1, P0 → P1, Q, P3      P2, P1, P0 → Q, P3 
                                P1, P0, (P1 ⊃ P2) → Q, P3 
    P0 → P0, Q, P3              P1, P0 → Q, P3 
            P0, (P0 ⊃ P1) → Q, P3 
                 P0 → Q 

We have 

    L = < (P3 ⊃ P4), ..., (Pi ⊃ Pi+1), ... >  and  R = <>. 
At the end of the fourth round, we have the closed tree: 

                          P2, P1, P0 → P2, Q, P3      P3, P2, P1, P0 → Q, P3 
                                P2, P1, P0, (P2 ⊃ P3) → Q, P3 
                          P1, P0 → P1, Q, P3          P2, P1, P0 → Q, P3 
                                P1, P0, (P1 ⊃ P2) → Q, P3 
    Π1                          P1, P0 → Q, P3 
            P0, (P0 ⊃ P1) → Q, P3 
                 P0 → Q 

where 

    Π1 = P0 → P0, Q, P3. 


The above tree is not quite a proof tree, but a proof tree can be con- 
structed from it as follows. Starting from the root and proceeding from 
bottom-up, for every sequent at depth k in which a proposition of the 
form head(L) or head(R) was introduced, add head(L) after the right- 
most proposition of the premise of every sequent at depth less than k, 
and add head(R) after the rightmost proposition of the conclusion of 
every sequent at depth less than k: 

    P2, P1, P0 → P2, Q, P3      P3, P2, P1, P0 → Q, P3 
          P2, P1, P0, (P2 ⊃ P3) → Q, P3 
    Π3    P2, P1, P0, (P2 ⊃ P3) → Q, P3 
          P1, P0, (P1 ⊃ P2), (P2 ⊃ P3) → Q, P3 
    Π2    P1, P0, (P1 ⊃ P2), (P2 ⊃ P3) → Q, P3 
          P0, (P0 ⊃ P1), (P1 ⊃ P2), (P2 ⊃ P3) → Q, P3 
          P0, (P0 ⊃ P1), (P1 ⊃ P2), (P2 ⊃ P3) → Q, P3 

with 

    Π2 = P0, (P1 ⊃ P2), (P2 ⊃ P3) → P0, Q, P3 
    and Π3 = P1, P0, (P2 ⊃ P3) → P1, Q, P3. 


Then, delete duplicate nodes, obtaining a legal proof tree: 

    P2, P1, P0 → P2, Q, P3      P3, P2, P1, P0 → Q, P3 
    Π3    P2, P1, P0, (P2 ⊃ P3) → Q, P3 
    Π2    P1, P0, (P1 ⊃ P2), (P2 ⊃ P3) → Q, P3 
          P0, (P0 ⊃ P1), (P1 ⊃ P2), (P2 ⊃ P3) → Q, P3 

with 
    Π2 = P0, (P1 ⊃ P2), (P2 ⊃ P3) → P0, Q, P3 
    and Π3 = P1, P0, (P2 ⊃ P3) → P1, Q, P3. 


EXAMPLE 3.5.2 


Consider the sequent Γ0 → Δ0 where 

    Γ0 = < P0, (P0 ⊃ P1), (P1 ⊃ P2), ..., (Pi ⊃ Pi+1), ... >, 

and 

    Δ0 = < Q >. 


Note that the only difference is the absence of P3 in the conclusion. This 
time, the search procedure does not stop. Indeed, the rightmost branch 
of the tree is infinite, since every sequent in it is of the form 

    Pn, Pn-1, ..., P1, P0 → Q. 


Let U be the union of all the propositions occurring as premises in the 
sequents on the infinite branch of the tree, and V be the union of all the 
propositions occurring as conclusions in such sequents. We have 

    U = {(P0 ⊃ P1), ..., (Pi ⊃ Pi+1), ..., P0, P1, ..., Pi, ...} 

and 

    V = {Q}. 


The pair (U,V) can be encoded as a single set if we prefix every proposi- 
tion in U with the letter "T" (standing for true), and every proposition 
in V with the letter "F" (standing for false). The resulting set 

    {T(P0 ⊃ P1), ..., T(Pi ⊃ Pi+1), ..., TP0, TP1, ..., TPi, ..., FQ} 

is a set having some remarkable properties, and called a Hintikka set. 
The crucial property of Hintikka sets is that they are always satisfiable. 
For instance, it is easy to see that the valuation such that v(Pi) = T for 
all i ≥ 0 and v(Q) = F satisfies the above Hintikka set. 


Roughly speaking, the new version of the search procedure is complete 
because: 
(1) If the input sequent is valid, a proof tree can be constructed from 
the output tree (as in example 3.5.1); 


(2) If the sequent is falsifiable, the output tree contains a path from 
which a Hintikka set can be constructed (as in example 3.5.2). Hence, a 
counter example exists. 


In order to prove rigorously properties (1) and (2), we will need some 
auxiliary definitions and lemmas. First, we shall need the following result 
about infinite finite-branching trees known as König's lemma. 


3.5.3 König's Lemma 


Recall from Subsection 2.2.2 that a tree T is finite branching iff every node 
has finite outdegree (finite number of successors). 


Lemma 3.5.1 (König's lemma) If T is a finite-branching tree with infinite 
domain, then there is some infinite path in T. 


Proof: We show that an infinite path can be defined inductively. Let u0 
be the root of the tree. Since the domain of T is infinite and u0 has a finite 
number of successors, one of the subtrees of u0 must be infinite (otherwise, 
T would be finite). Let u1 be the root of the leftmost infinite subtree of u0. 
Now, assume by induction that a path u0,...,un has been defined and that the 
subtree T/un is infinite. Since un has a finite number of successors and since 
T/un is infinite, using the same reasoning as above, un must have a successor 
which is the root of an infinite tree. Let un+1 be the leftmost such node. It 
is clear that the above inductive construction yields an infinite path in T (in 
fact, the leftmost such path). 


Remark: The above proof only shows the existence of an infinite path. 
In particular, since there is in general no effective way of testing whether a 
tree is infinite, there is generally no algorithm to find the above nodes. 


In example 3.5.2, the two sets U and V play a crucial role since they yield 
a falsifying valuation. The union of U and V is a set having certain remarkable 
properties first investigated by Hintikka and that we now describe. For this, 
it is convenient to introduce the concept of a signed formula as in Smullyan, 
1968. 


3.5.4 Signed Formulae 


Following Smullyan, we will define the concept of an a-formula and of a b- 
formula, and describe their components. Using this device greatly reduces the 
number of cases in the definition of a Hintikka set, as well as in some proofs. 


Definition 3.5.3 A signed formula is any expression of the form TA or FA, 
where A is an arbitrary proposition. Given any sequent (even infinite) Γ → Δ, 
we define the signed set of formulae 

    {TA | A ∈ Γ} ∪ {FB | B ∈ Δ}. 


Definition 3.5.4 Type-a and type-b signed formulae and their components 
are defined in the following tables. If A is a signed formula of type a, it has 
two components denoted by A1 and A2. Similarly, if B is a formula of type 
b, it has two components denoted by B1 and B2. 


Type-a formulae 

    A          A1     A2 
    T(X ∧ Y)   TX     TY 
    F(X ∨ Y)   FX     FY 
    F(X ⊃ Y)   TX     FY 
    T(¬X)      FX     FX 
    F(¬X)      TX     TX 


Type-b formulae 

    B          B1     B2 
    F(X ∧ Y)   FX     FY 
    T(X ∨ Y)   TX     TY 
    T(X ⊃ Y)   FX     TY 


Definition 3.5.5 <A valuation v makes the signed formula TA true iff v 
makes A true and v makes FA true iff v makes A false. A valuation v 
satisfies a signed set S iff v makes every signed formula in S true. 


Note that for any valuation, a signed formula $A$ of type a is true if and 
only if both $A_1$ and $A_2$ are true. Accordingly, we also refer to an a-formula 
as a formula of conjunctive type. On the other hand, for any valuation, a 
signed formula $B$ of type b is true if and only if at least one of $B_1$, $B_2$ is 
true. Accordingly, a b-formula is also called a formula of disjunctive type. 


Definition 3.5.6 The conjugate of a signed formula is defined as follows: 
The conjugate of a formula $TA$ is $FA$, and the conjugate of $FA$ is $TA$. 


3.5.5 Hintikka Sets 


A Hintikka set is a set of signed formulae satisfying certain downward closure 
conditions that ensure that such a set is satisfiable. 


Definition 3.5.7 A set $S$ of signed formulae is a Hintikka set iff the following 
conditions hold: 
(H1) No signed propositional letter and its conjugate are both in $S$. 
(H2) If a signed a-formula $A$ is in $S$ then both $A_1$ and $A_2$ are in $S$. 
(H3) If a signed b-formula $B$ is in $S$ then either $B_1$ is in $S$ or $B_2$ is in $S$. 


The following lemma shows that Hintikka sets arise when the search 
procedure does not produce a closed tree (recall that a closed tree is finite). 


Lemma 3.5.2 Whenever the tree $T$ constructed by the search procedure is 
not a closed tree, a Hintikka set can be extracted from $T$. 


Proof: If $T$ is not a closed tree, then either it is finite and some leaf is 
not an axiom, or it is infinite. If $T$ is infinite, by lemma 3.5.1, there is an 
infinite path in $T$. In the first case, consider a path to some nonaxiom leaf, 
and in the second consider an infinite path. Let 

$$S = \{TA \mid A \in U\} \cup \{FB \mid B \in V\}$$

be the set of signed formulae such that $U$ is the union of all propositions 
occurring in the antecedent of each sequent in the chosen path, and $V$ is the 
union of all propositions occurring in the succedent of each sequent in the 
chosen path. $S$ is a Hintikka set. 


(1) H1 holds. Since every atomic formula occurring in a sequent occurs 
in every path having this sequent as source, if S contains both TP and FP 
for some propositional letter P, some sequent in the path is an axiom. This 
contradicts the fact that either the path is finite and ends in a non-axiom, or 
is an infinite path. 


(2) H2 and H3 hold. This is true because the definition of a-components 
and b-components mirrors the inference rules. Since all nonatomic propo- 
sitions in a sequent $\Gamma \to \Delta$ on the chosen path are considered during the 
expansion phase, and since every proposition in the input sequent is eventu- 
ally considered (as $head(L)$ or $head(R)$): 

(i) For every proposition $A$ in $U$, if $A$ belongs to $\Gamma \to \Delta$ and $TA$ is of 
type a, $A_1$ and $A_2$ are added to the successor of $\Gamma \to \Delta$ during the expansion 
step. More precisely, if $A_1$ (or $A_2$) is of the form $TC_1$ (or $TC_2$), $C_1$ ($C_2$) is 
added to the premise of the successor of $\Gamma \to \Delta$; if $A_1$ ($A_2$) is of the form 
$FC_1$ ($FC_2$), $C_1$ ($C_2$) is added to the conclusion of the successor of $\Gamma \to \Delta$. In 
both cases, $A_1$ and $A_2$ belong to $S$. 

(ii) If $A$ belongs to $\Gamma \to \Delta$ and $TA$ is of type b, $A_1$ is added to the left 
successor of $\Gamma \to \Delta$, and $A_2$ is added to the right successor of $\Gamma \to \Delta$, during 
the expansion step. As in (i), more precisely, if $A_1$ (or $A_2$) is of the form $TC_1$ 
($TC_2$), $C_1$ ($C_2$) is added to the premise of the left successor (right successor) 
of $\Gamma \to \Delta$; if $A_1$ ($A_2$) is of the form $FC_1$ ($FC_2$), $C_1$ ($C_2$) is added to the 
conclusion of the left successor (right successor) of $\Gamma \to \Delta$. Hence, either $A_1$ 
or $A_2$ belongs to $S$. 

Properties (i) and (ii) also apply to the set $V$. This proves that $S$ is a 
Hintikka set. 


The following lemma establishes the fundamental property of Hintikka 
sets. 


Lemma 3.5.3 Every Hintikka set S is satisfiable. 


Proof: We define a valuation $v$ satisfying $S$ as follows: For every signed 
propositional symbol $TP$ in $S$ let $v(P) = \mathbf{T}$; for every signed propositional 
symbol $FP$ in $S$ let $v(P) = \mathbf{F}$; for every propositional symbol $P$ such that 
neither $TP$ nor $FP$ is in $S$, set arbitrarily $v(P) = \mathbf{T}$. By clause (H1) of a 
Hintikka set, $v$ is well defined. It remains to show that $v$ makes every signed 
formula $TX$ or $FX$ true (that is, in the first case $X$ true and in the second 
case $X$ false). This is shown by induction on the number of logical connectives 
in $X$. Since every signed formula is either of type a or of type b, there are two 
cases. 

(1) If $A$ of type a is in $S$, by (H2) both $A_1$ and $A_2$ are in $S$. But $A_1$ and 
$A_2$ have fewer connectives than $A$ and so, the induction hypothesis applies. 
Hence, $v$ makes both $A_1$ and $A_2$ true. This implies that $v$ makes $A$ true. 

(2) If $B$ of type b is in $S$, by (H3) either $B_1$ or $B_2$ is in $S$. Without loss 
of generality assume that $B_1$ is in $S$. Since $B_1$ has fewer connectives than $B$, 
the induction hypothesis applies. Hence, $v$ makes $B_1$ true. This implies that 
$v$ makes $B$ true. 


3.5.6 Extended Completeness of the Gentzen System G’ 


We are now ready to prove the generalization of theorem 3.4.1. 


Theorem 3.5.1 Given a sequent $\Gamma \to \Delta$, either 

(1) $\Gamma \to \Delta$ is falsifiable and 

(i) If $\Gamma \to \Delta$ is infinite, then search runs forever building an infinite 
tree $T$, or 

(ii) If $\Gamma \to \Delta$ is finite, then search produces a finite tree $T$ with some 
non-axiom leaf. 

In both cases, a falsifying valuation can be obtained from some 
path in the tree produced by procedure search; or 

(2) $\Gamma \to \Delta$ is valid and search terminates with a closed tree $T$. In this case, 
there exist finite subsequences $C_1, \ldots, C_m$ and $D_1, \ldots, D_n$ of $\Gamma$ and $\Delta$ 
respectively such that the sequent $C_1, \ldots, C_m \to D_1, \ldots, D_n$ is provable. 


Proof: First, observe that if a subsequent of a sequent is valid, the 
sequent itself is valid. Also, if $\Gamma \to \Delta$ is infinite, search terminates if and only 
if the tree is closed. This last statement holds because any node that is not an 
axiom is not finished, since otherwise $L$ and $R$ would be empty, contradicting 
the fact that $\Gamma \to \Delta$ is infinite. Hence, at every step of the procedure search, 
some node is unfinished, and since the procedure expand adds at least one 
new node to the tree (when $head(L)$ is added to $\Gamma$ and $head(R)$ is added to 
$\Delta$), search builds an infinite tree. Consequently, if $\Gamma \to \Delta$ is infinite, either 
search halts with a closed tree, or it builds an infinite tree. 


If search halts with a closed tree, let $C_1, \ldots, C_m$ be the initial subsequence 
of propositions in $\Gamma$ that were deleted from $\Gamma$ to obtain $L$, and $D_1, \ldots, D_n$ be 
the initial subsequence of propositions in $\Delta$ which were deleted from $\Delta$ to 
obtain $R$. A proof tree for the finite sequent $C_1, \ldots, C_m \to D_1, \ldots, D_n$ can 
easily be obtained from $T$, using the technique illustrated in example 3.5.1. 


First, starting from the root and proceeding bottom-up, for each node 

$$\Gamma, head(L) \to \Delta, head(R)$$

at depth $k$ created at the end of a call to procedure expand, add $head(L)$ after 
the rightmost proposition in the premise of every sequent at depth less than 
$k$, and add $head(R)$ after the rightmost proposition in the conclusion of every 
sequent at depth less than $k$, obtaining the tree $T'$. Then, a proof tree $T''$ 
for $C_1, \ldots, C_m \to D_1, \ldots, D_n$ is constructed from $T'$ by deleting all duplicate 
nodes. The tree $T''$ is a proof tree because the same inference rules that have 
been used in $T$ are used in $T''$. A proof similar to that of theorem 3.4.1 shows 
that $C_1, \ldots, C_m \to D_1, \ldots, D_n$ is valid and consequently that $\Gamma \to \Delta$ is valid. 


Hence, if the search procedure halts with a closed tree, a subsequent of 
$\Gamma \to \Delta$ is provable, which implies that $\Gamma \to \Delta$ is provable (and consequently 
valid). Hence, if $\Gamma \to \Delta$ is falsifiable, either the search procedure halts with 
a finite nonclosed tree if $\Gamma \to \Delta$ is finite, or else search must go on forever 
if $\Gamma \to \Delta$ is infinite. If the tree is finite, some leaf is not an axiom, and 
consider the path to this leaf. Otherwise, let $T$ be the infinite tree obtained 
in the limit. This tree is well defined since for every integer $k$, search will 
produce the subtree of depth $k$ of $T$. Since $T$ is infinite and finite branching, 
by König's lemma, there is an infinite path $u_0, u_1, \ldots, u_n, \ldots$ in $T$. By lemma 
3.5.2, the set 

$$S = \{TA \mid A \in U\} \cup \{FB \mid B \in V\}$$

of signed formulae such that $U$ is the union of all propositions occurring in 
the antecedent of each sequent in the chosen path, and $V$ is the union of all 
propositions occurring in the succedent of each sequent in the chosen path, is 
a Hintikka set. By lemma 3.5.3, $S$ is satisfiable. But any valuation satisfying 
$S$ falsifies $\Gamma \to \Delta$, and $\Gamma \to \Delta$ is falsifiable. 


To summarize, if the search procedure halts with a closed tree, $\Gamma \to \Delta$ 
is provable, and therefore valid. Otherwise $\Gamma \to \Delta$ is falsifiable. 

Conversely, if $\Gamma \to \Delta$ is valid, search must halt with a closed tree, 
since otherwise the above reasoning shows that a falsifying valuation can be 
found. But then, we have shown that $\Gamma \to \Delta$ is provable. If $\Gamma \to \Delta$ is 
falsifiable, search cannot halt with a closed tree, since otherwise $\Gamma \to \Delta$ 
would be provable, and consequently valid. But then, we have shown that a 
falsifying valuation can be found from the tree $T$. This concludes the proof 
of the theorem. 
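The following Python is an added worked example, not code from the book: it encodes the two tables of definition 3.5.4, checks conditions H1 to H3 of definition 3.5.7, reads the valuation of lemma 3.5.3 off a Hintikka set, and expands a finite sequent branch by branch in the manner of procedure search, so that case (1)(ii) and case (2) of theorem 3.5.1 can be exercised on small sequents. The encoding of propositions as nested tuples is this example's own assumption.

```python
# Added example, not from the book: signed formulae (definition 3.5.4),
# Hintikka sets (definition 3.5.7), the valuation of lemma 3.5.3 and the
# finite case of theorem 3.5.1. The encoding is this example's own choice:
# a propositional letter is a str; compound propositions are the tuples
# ("and", X, Y), ("or", X, Y), ("imp", X, Y), ("not", X);
# a signed formula is the pair ("T", A) or ("F", A).

def components(sf):
    """("a", (c1, c2)) or ("b", (c1, c2)) following the two tables of
    definition 3.5.4, or None if sf is a signed propositional letter."""
    sign, a = sf
    if isinstance(a, str):
        return None
    if a[0] == "not":                      # T(not X): FX, FX   F(not X): TX, TX
        other = "F" if sign == "T" else "T"
        return "a", ((other, a[1]), (other, a[1]))
    x, y = a[1], a[2]
    table = {
        ("T", "and"): ("a", (("T", x), ("T", y))),
        ("F", "or"):  ("a", (("F", x), ("F", y))),
        ("F", "imp"): ("a", (("T", x), ("F", y))),
        ("F", "and"): ("b", (("F", x), ("F", y))),
        ("T", "or"):  ("b", (("T", x), ("T", y))),
        ("T", "imp"): ("b", (("F", x), ("T", y))),
    }
    return table[(sign, a[0])]

def conjugate(sf):
    """Definition 3.5.6: the conjugate of TA is FA and vice versa."""
    return ("F" if sf[0] == "T" else "T", sf[1])

def is_hintikka(s):
    """Conditions H1, H2, H3 of definition 3.5.7 for a set s of signed formulae."""
    for sf in s:
        comp = components(sf)
        if comp is None:
            if conjugate(sf) in s:                          # H1 violated
                return False
        else:
            kind, (c1, c2) = comp
            if kind == "a" and not (c1 in s and c2 in s):   # H2 violated
                return False
            if kind == "b" and not (c1 in s or c2 in s):    # H3 violated
                return False
    return True

def truth(a, v):
    """Truth value of proposition a under valuation v (dict letter -> bool).
    Letters v does not mention are taken true, as in the proof of lemma 3.5.3."""
    if isinstance(a, str):
        return v.get(a, True)
    if a[0] == "not":
        return not truth(a[1], v)
    x, y = truth(a[1], v), truth(a[2], v)
    return {"and": x and y, "or": x or y, "imp": (not x) or y}[a[0]]

def makes_true(v, sf):
    """Definition 3.5.5: v makes TA true iff A is true, FA true iff A is false."""
    return truth(sf[1], v) == (sf[0] == "T")

def valuation_from_hintikka(s):
    """Lemma 3.5.3: TP gives v(P) = true, FP gives v(P) = false."""
    return {a: sign == "T" for sign, a in s if isinstance(a, str)}

def open_branches(signed):
    """Expand a finite signed set as procedure search expands a sequent:
    a-components stay on the branch, b-components split it in two. Returns
    the fully expanded branches that are not closed, i.e. that contain no
    signed letter together with its conjugate; each one is a Hintikka set."""
    result = []

    def expand(done, todo):
        while todo:
            sf = todo.pop()
            done = done | {sf}
            comp = components(sf)
            if comp is None:
                continue
            kind, (c1, c2) = comp
            if kind == "a":
                todo.extend(c for c in (c1, c2) if c not in done)
            else:
                for c in (c1, c2):
                    expand(done, todo + ([c] if c not in done else []))
                return
        if not any(components(sf) is None and conjugate(sf) in done for sf in done):
            result.append(done)

    expand(frozenset(), list(signed))
    return result

def decide(gamma, delta):
    """Finite sequent gamma -> delta: (True, None) if every branch closes, so
    the sequent is valid; otherwise (False, v) with a falsifying valuation v
    read off an open branch, as in case (1)(ii) of theorem 3.5.1."""
    signed = [("T", a) for a in gamma] + [("F", b) for b in delta]
    branches = open_branches(signed)
    if not branches:
        return True, None
    return False, valuation_from_hintikka(branches[0])
```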


We now derive some easy consequences of the main theorem. Since a 
provable sequent is valid, the following is an obvious corollary. 


Theorem 3.5.2 (Extended completeness theorem for G’) For every (possi- 
bly infinite) sequent $\Gamma \to \Delta$, $\Gamma \to \Delta$ is valid if and only if $\Gamma \to \Delta$ is provable. 


3.5.7 Compactness, Model Existence, Consistency 


Recall that a proposition A is satisfiable if some valuation makes it true. 


Definition 3.5.8 A set $\Gamma$ of propositions is satisfiable iff some valuation 
makes all propositions in $\Gamma$ true. 


Theorem 3.5.3 (Compactness theorem for G’) For any (possibly infinite) 
set $\Gamma$ of propositions, if every finite (nonempty) subset of $\Gamma$ is satisfiable then 
$\Gamma$ is satisfiable. 


Proof: Assume $\Gamma$ is not satisfiable. Viewing $\Gamma$ as a sequence of proposi- 
tions, it is clear that the sequent 

$$\Gamma \to$$

is valid, and by theorem 3.5.1 there is a finite subsequence $A_1, \ldots, A_p$ of $\Gamma$ such 
that 

$$A_1, \ldots, A_p \to$$

is provable. But then, by lemma 3.4.3, $A_1, \ldots, A_p \to$ is valid, which means that 
$A_1, \ldots, A_p$ is not satisfiable contrary to the hypothesis. Hence $\Gamma$ is satisfiable. 


Definition 3.5.9 A set $\Gamma$ of propositions is consistent if there exists some 
proposition $B$ such that the sequent $\Gamma \to B$ is not provable (that is, 
$A_1, \ldots, A_m \to B$ is not provable for any finite subsequence $A_1, \ldots, A_m$ of $\Gamma$). Otherwise, 
we say that $\Gamma$ is inconsistent. 


Theorem 3.5.4 (Model existence theorem for G’) If a set $\Gamma$ of propositions 
is consistent then it is satisfiable. 

Proof: Assume $\Gamma$ unsatisfiable. Hence, for every proposition $B$, the 
sequent 

$$\Gamma \to B$$

is valid. By theorem 3.5.1, for every such $B$, there is a finite subsequence 
$A_1, \ldots, A_p$ of $\Gamma$ such that the sequent 

$$A_1, \ldots, A_p \to B$$

is provable. But then, $\Gamma$ is not consistent, contrary to the hypothesis. 


The converse of theorem 3.5.4 is also true. 


Lemma 3.5.4 (Consistency lemma for G’) If a set $\Gamma$ of propositions is sat- 
isfiable then it is consistent. 


Proof: Let $v$ be a valuation such that 

$$v \models A$$

for every proposition $A$ in $\Gamma$. Assume that $\Gamma$ is inconsistent. Then, 

$$\Gamma \to B$$

is provable for every proposition $B$, and in particular, there is a finite subse- 
quence $A_1, \ldots, A_m$ of $\Gamma$ such that 

$$A_1, \ldots, A_m \to P \wedge \neg P$$

is provable (for some propositional symbol $P$). By lemma 3.4.3, 
$A_1, \ldots, A_m \to P \wedge \neg P$ is valid and, since the valuation $v$ makes all propositions in $\Gamma$ true, $v$ 
should make $P \wedge \neg P$ true, which is impossible. Hence, $\Gamma$ is consistent. 


Note that if a set $\Gamma$ of propositions is consistent, theorem 3.5.4 shows 
that the sequent $\Gamma \to$ is falsifiable. Hence, by theorem 3.5.1, a falsifying 
valuation can be obtained (in fact, all falsifying valuations can be obtained 
by considering all infinite paths in the counter-example tree). 


One may view the goal of procedure search as the construction of Hin- 
tikka sets. If this goal fails, the original sequent was valid and otherwise, 
any Hintikka set yields a falsifying valuation. The decomposition of proposi- 
tions into a-components or b-components is the basis of a variant of Gentzen 
systems called the tableaux system. For details, see Smullyan, 1968. 


3.5.8 Maximal Consistent Sets 


We conclude this section by discussing briefly the concept of maximal consis- 
tent sets. This concept is important because it can be used to give another 
proof of the completeness theorem (theorem 3.5.2). 


Definition 3.5.10 A consistent set $\Gamma$ of propositions is maximally consistent 
(or a maximal consistent set) iff, for every consistent set $\Delta$, if $\Gamma \subseteq \Delta$, then 
$\Gamma = \Delta$. Equivalently, every proper superset of $\Gamma$ is inconsistent. 


The importance of maximal consistent sets lies in the following lemma. 


Lemma 3.5.5 Every consistent set $\Gamma$ is a subset of some maximal consistent 
set $\Delta$. 

Proof: If $\Gamma$ is a consistent set, by theorem 3.5.4, it is satisfiable. Let $v$ 
be a valuation satisfying $\Gamma$. Let $\Delta$ be the set 

$$\{A \mid v \models A\}$$

of all propositions satisfied by $v$. Clearly, $\Gamma$ is a subset of $\Delta$. We claim that $\Delta$ 
is a maximal consistent set. First, by lemma 3.5.4, $\Delta$ is consistent since it is 
satisfied by $v$. It remains to show that it is maximally consistent. We proceed 
by contradiction. Assume that there is a consistent set $\Lambda$ such that $\Delta$ is a 
proper subset of $\Lambda$. Since $\Lambda$ is consistent, by theorem 3.5.4, it is satisfied by a 
valuation $v'$. Since $\Delta$ is a proper subset of $\Lambda$, there is a proposition $A$ which 
is in $\Lambda$ but not in $\Delta$. Hence, 

$$v \not\models A,$$

since otherwise $A$ would be in $\Delta$. But then, 

$$v \models \neg A$$

and $\neg A$ is in $\Delta$. Since $\Delta$ is a subset of $\Lambda$, $v'$ satisfies every proposition in $\Delta$, 
and in particular 

$$v' \models \neg A.$$

But since $v'$ satisfies $\Lambda$, we also have 

$$v' \models A,$$

which is impossible. Hence, $\Delta$ is indeed maximally consistent. 


The above lemma was shown using theorem 3.5.4, but it can be shown 
more directly and without theorem 3.5.4. Actually, theorem 3.5.4 can be 
shown from lemma 3.5.5, and in turn, the completeness theorem can be shown 
from theorem 3.5.4. Such an approach to the completeness theorem is more 
traditional, but not as constructive, in the sense that it does not provide a 
procedure for constructing a deduction tree. 


There is also a close relationship between maximally consistent sets and 
Hintikka sets. Indeed, by reformulating Hintikka sets as unsigned sets of 
propositions, it can be shown that every maximal consistent set is a Hintikka 
set. However, the converse is not true. Hintikka sets are more general (and in 
a sense more economical) than maximal consistent sets. For details, we refer 
the reader to the problems. 
3.5.1. (i) Show that the infinite sequent $\Gamma \to \Delta$ where 

$$\Gamma = <P_0,\ P_0 \supset P_1,\ \ldots,\ P_i \supset P_{i+1},\ \ldots>$$

and 

$$\Delta = <(P_i \supset Q)>$$

is falsifiable. 

(ii) Prove that for every $i > 0$, the sequent $\Gamma \to \Delta'$, where $\Gamma$ is as 
above and $\Delta' = <(P_0 \supset P_i)>$ is provable. 


3.5.2. The cut rule is the following inference rule: 

$$\frac{\Gamma \to \Delta, A \qquad A, \Lambda \to \Theta}{\Gamma, \Lambda \to \Delta, \Theta}$$

A is called the cut formula of this inference. 


Let G’ + {cut} be the formal system obtained by adding the cut rule 
to G’. The notion of a deduction tree is extended to allow the cut 
rule as an inference. A proof in G’ is called a cut-free proof. 


(i) Prove that for every valuation v, if v satisfies the premises of the 
cut rule, then it satisfies its conclusion. 


(ii) Prove that if a sequent is provable in the system G’ + {cut}, then 
it is valid. 


(iii) Prove that if a sequent is provable in G’ + {cut}, then it has a 
cut-free proof. 


3.5.3. (i) Prove solely in terms of proofs in G’ + {cut} that a set $\Gamma$ of propo- 
sitions is inconsistent if and only if there is a proposition $A$ such that 
both $\Gamma \to A$ and $\Gamma \to \neg A$ are provable in G’ + {cut}. (For inspiration 
see Section 3.6.) 

(ii) Prove solely in terms of proofs in G’ + {cut} that $\Gamma \to A$ is not 
provable in G’ + {cut} if and only if $\Gamma \cup \{\neg A\}$ is consistent. (For 
inspiration see Section 3.6.) 


Note: Properties (i) and (ii) also hold for the proof system G’, but 
the author does not know of any proof not involving a proof-theoretic 
version of Gentzen’s cut elimination theorem. The cut elimination 
theorem states that any proof in the system G’ + {cut} can be trans- 
formed to a proof in G’ (without cut). The completeness theorem for 
G’ provides a semantic proof of the cut elimination theorem. How- 
ever, in order to show (i) and (ii) without using semantic arguments, 
it appears that one has to mimic Gentzen’s original proof. (See Szabo, 
1969.) 
3.5.4. A set $\Gamma$ of propositions is said to be complete if, for every proposition 
$A$, either $\Gamma \to A$ or $\Gamma \to \neg A$ is provable, but not both. Prove that 
for any set $\Gamma$ of propositions, the following are equivalent: 

(i) The set 

$$\{A \mid\ \vdash \Gamma \to A \text{ in } G'\}$$

is a maximal consistent set. 

(ii) $\Gamma$ is complete. 

(iii) There is a single valuation $v$ satisfying $\Gamma$. 

(iv) There is a valuation $v$ such that for all $A$, 

$\Gamma \to A$ is provable (in G’) if and only if $v \models A$. 


3.5.5. Let $\Gamma$ be a consistent set. Let $A_1, A_2, \ldots, A_n, \ldots$ be an enumeration 
of all propositions in PROP. Define the sequence $\Gamma_n$ inductively as 
follows: 

$$\Gamma_0 = \Gamma;$$

$$\Gamma_{n+1} = \begin{cases} \Gamma_n \cup \{A_{n+1}\} & \text{if } \Gamma_n \cup \{A_{n+1}\} \text{ is consistent;} \\ \Gamma_n & \text{otherwise.} \end{cases}$$

Let 

$$\Delta = \bigcup_{n \geq 0} \Gamma_n.$$

Prove the following: 
(a) Each $\Gamma_n$ is consistent. 
(b) $\Delta$ is consistent. 
(c) $\Delta$ is maximally consistent. 

Note that this exercise provides another proof of lemma 3.5.5 for the 
system G’ + {cut}, not using the completeness theorem. 


3.5.6. Prove that if a proposition $A$ over the language using the logical con- 
nectives $\{\vee, \wedge, \supset, \neg\}$ is a tautology, then $A$ contains some occurrence 
of either $\neg$ or $\supset$. 


3.5.7. Given a proposition $A$, its immediate descendants $A_1$ and $A_2$ are 
given by the following table: 

Type-a formulae 

$$\begin{array}{lll}
A & A_1 & A_2 \\
(X \wedge Y) & X & Y \\
\neg(X \vee Y) & \neg X & \neg Y \\
\neg(X \supset Y) & X & \neg Y \\
\neg(\neg X) & X & X
\end{array}$$

Type-b formulae 

$$\begin{array}{lll}
B & B_1 & B_2 \\
\neg(X \wedge Y) & \neg X & \neg Y \\
(X \vee Y) & X & Y \\
(X \supset Y) & \neg X & Y
\end{array}$$


Note that neither propositional letters nor negations of propositional 
letters have immediate descendants. 


Given a set $S$ of propositions, let $Des(S)$ be the set of immediate 
descendants of propositions in $S$, and define $S^n$ by induction as fol- 
lows: 

$$S^0 = S;$$

$$S^{n+1} = Des(S^n).$$

Let 

$$S^* = \bigcup_{n \geq 0} S^n$$

be the union of all the $S^n$. Hintikka sets can also be defined without 
using signed formulae, in terms of immediate descendants: 


A set S of propositions is a Hintikka set if the following conditions 
hold: 


(H1) No propositional letter and its negation are both in $S$. 
(H2) If an a-formula $A$ is in $S$ then both $A_1$ and $A_2$ are in $S$. 
(H3) If a b-formula $B$ is in $S$ then either $B_1$ is in $S$ or $B_2$ is in $S$. 


In this problem and some of the following problems, given any set $S$ 
of propositions and any propositions $A_1, \ldots, A_n$, the set $S \cup \{A_1, \ldots, A_n\}$ 
will also be denoted by $\{S, A_1, \ldots, A_n\}$. 


Assume that $S$ is consistent. 


(a) Using a modification of the construction given in problem 3.5.5, 
show that S can be extended to a maximal consistent subset U of S* 
(that is, to a consistent subset U of S* containing S, such that U is 
not a proper subset of any consistent subset of S*). 


(b) Prove that consistent sets satisfy the following properties: 


$C_0$: No set $S$ containing a propositional letter and its negation is 
consistent. 

$C_1$: If $\{S, A\}$ is consistent, so is $\{S, A_1, A_2\}$, where $A$ is a proposition 
of type a. 

$C_2$: If $\{S, B\}$ is consistent, then either $\{S, B_1\}$ or $\{S, B_2\}$ is consis- 
tent, where $B$ is a proposition of type b. 


(c) Prove that U is a Hintikka set. 


(d) Show that U is not necessarily a maximal consistent subset of 
PROP, the set of all propositions. 


3.5.8. The purpose of this problem is to prove the compactness theorem 
for propositional logic without using the completeness theorem. The 
proof developed in the following questions is in a sense more construc- 
tive than the proof given by using the completeness theorem, since if 
we are given a set $\Gamma$ such that every finite subset of $\Gamma$ is satisfiable, 
we will actually construct a valuation that satisfies $\Gamma$. However, the 
existence of ultrafilters requires Zorn’s Lemma, and so this proof is 
not constructive in the recursion-theoretic sense. 


For this problem, you may use the following result stated below and 
known as Zorn’s lemma. For details, the reader should consult a text 
on set theory, such as Enderton, 1977; Suppes, 1972; or Kuratowski 
and Mostowski, 1976. 


We recall the following concepts from Subsection 2.1.9. A chain in a 
poset $(P, \leq)$ is a totally ordered subset of $P$. A chain $C$ is bounded 
if there exists an element $b \in P$ such that for all $p \in C$, $p \leq b$. A 
maximal element of $P$ is some $m \in P$ such that for any $m' \in P$, if 
$m \leq m'$ then $m = m'$. 


Zorn’s lemma: Given a partially ordered set $S$, if every chain in $S$ 
is bounded, then $S$ has a maximal element. 


(1) Let $E$ be a nonempty set, and $F$ a class of subsets of $E$. We say 
that $F$ is a filter on $E$ iff: 

1. $E$ is in $F$; 
2. if $u$ and $v$ are in $F$, then $u \cap v$ is in $F$; 
3. if $u$ is in $F$ and $v$ is any subset of $E$, if $u \subseteq v$, then $v$ is also in $F$. 


A filter $F$ is a proper filter if $\emptyset$ (the empty set) is not in $F$. A proper 
filter $F$ is maximal if, for any other proper filter $D$, if $F$ is a subset 
of $D$, then $D = F$. 

A class $C$ (even empty) of subsets of a nonempty set $E$ has the finite 
intersection property (f.i.p.) iff the intersection of every finite number 
of sets in $C$ is nonempty. Let $C$ be any class of subsets of a nonempty 
set $E$. The filter generated by $C$ is the intersection $D$ of all filters over 
$E$ which include $C$. 


Prove the following properties: 


(i) The filter D generated by C is indeed a filter over E. 




(ii) $D$ is equal to the set of all subsets $X$ of $E$ such that either $X = E$, 
or for some $Y_1, \ldots, Y_n \in C$, 

$$Y_1 \cap \ldots \cap Y_n \subseteq X.$$

(iii) $D$ is a proper filter if and only if $C$ has the finite intersection 
property. 

(2) A maximal proper filter is called an ultrafilter. 

Prove that a nonempty collection $U$ of sets with the finite intersection 
property is an ultrafilter over $E$ if and only if, for every subset $X$ of 
$E$, 

$$X \in U \quad \text{if and only if} \quad (E - X) \notin U.$$

Hint: Assume that $(E - X) \notin U$. Let $D = U \cup \{X\}$, and let $F$ be 
the filter generated by $D$ (as in question 1). Show that $F$ is a proper 
filter including $U$. Hence, $U = F$ and $D$ is a subset of $U$, so that 
$X \in U$. 


(3) Use Zorn’s lemma to show that if a class C of subsets of a nonempty 
set E has the finite intersection property, then it is contained in some 
ultrafilter. 


Hint: Show that the union of a chain of proper filters is a proper filter 
that bounds the chain. 


* 3.5.9. Let $I$ be a nonempty set and $V = \{v_i \mid i \in I\}$ be a set of valuations. 
Let $U$ be a proper filter on $I$. Define the valuation $v$ such that for 
each propositional symbol $P \in \mathbf{PS}$, 

$$v(P) = \mathbf{T} \quad \text{iff} \quad \{i \mid v_i(P) = \mathbf{T}\} \in U.$$

(Such a valuation $v$ is called a reduced product). 

(a) Show that 

$$v(P) = \mathbf{F} \quad \text{iff} \quad \{i \mid v_i(P) = \mathbf{T}\} \notin U,$$

and 

$$\text{if } \{i \mid v_i(P) = \mathbf{T}\} = \emptyset \text{ then } v(P) = \mathbf{F}.$$

If $U$ is an ultrafilter, show that for all propositions $A$, 

$$v \models A \quad \text{iff} \quad \{i \mid v_i \models A\} \in U.$$

Such a valuation $v$ is called the ultraproduct of $V$ with respect to $U$. 

(b) Show that for any Horn formula $A$ (see problem 3.3.18), whenever 
$U$ is a proper filter, if 

$$\{i \mid v_i \models A\} \in U \quad \text{then} \quad v \models A.$$

As a consequence, show that for every Horn formula $A$, 

$$\text{if } v_i \models A \text{ for all } i \in I, \text{ then } v \models A.$$

(c) Let $I = \{1, 2\}$. Give all the filters on $I$. Give an example showing 
that there exists a proper filter $U$ on $\{1, 2\}$, a set of valuations $\{v_1, v_2\}$, 
and a proposition $A$, such that $v \models A$, but $\{i \mid v_i \models A\} \notin U$. 

(d) Consider the proper filter $U = \{\{1, 2\}\}$ on $I = \{1, 2\}$, and let 
$A = P_1 \vee P_2$. Find two valuations $v_1$ and $v_2$ such that $v_1 \models A$ and 
$v_2 \models A$, but the reduced product $v$ of $v_1$ and $v_2$ with respect to $U$ 
does not satisfy $A$. Conclude that not every proposition is logically 
equivalent to a Horn formula. 
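As an added example, not part of the book, the following Python enumerates by brute force the filters and ultrafilters on a small index set, checks the characterization of ultrafilters from problem 3.5.8 (2), and forms the reduced product of problem 3.5.9 for a few constructed valuations; the index set $\{1, 2, 3\}$, the valuations and the test propositions are this example's own choices.

```python
from itertools import combinations

# Added example, not from the book: filters, ultrafilters and reduced
# products over a small constructed index set, following the definitions of
# problems 3.5.8 and 3.5.9. A valuation is a dict letter -> bool.

def powerset(e):
    return [frozenset(c) for r in range(len(e) + 1) for c in combinations(sorted(e), r)]

def is_filter(fam, e):
    """Conditions 1-3 of problem 3.5.8 (1): E in F, closed under intersection,
    closed upward under inclusion."""
    e = frozenset(e)
    return (e in fam
            and all((u & v) in fam for u in fam for v in fam)
            and all(w in fam for u in fam for w in powerset(e) if u <= w))

def all_filters(e):
    """Every family of subsets of e is tried (2**(2**|e|) candidates, fine for |e| <= 3)."""
    subsets = powerset(e)
    return [frozenset(fam)
            for r in range(len(subsets) + 1)
            for fam in combinations(subsets, r)
            if is_filter(frozenset(fam), e)]

def is_proper(fam):
    return frozenset() not in fam

def ultrafilters(e):
    """Maximal proper filters (problem 3.5.8 (2))."""
    proper = [f for f in all_filters(e) if is_proper(f)]
    return [f for f in proper if not any(f < g for g in proper)]

def splits_every_subset(u, e):
    """Problem 3.5.8 (2): for every X subset of E, X is in U iff E - X is not."""
    e = frozenset(e)
    return all((x in u) != ((e - x) in u) for x in powerset(e))

def reduced_product(vals, u):
    """Problem 3.5.9: v(P) = T iff {i | v_i(P) = T} is in U; vals maps i -> v_i."""
    letters = set().union(*(v.keys() for v in vals.values()))
    return {p: frozenset(i for i, v in vals.items() if v[p]) in u for p in letters}

def ultraproduct_law_holds(vals, u, props):
    """Check  v |= A  iff  {i | v_i |= A} in U  for every A in props, each A
    given as a function valuation -> bool."""
    v = reduced_product(vals, u)
    return all(a(v) == (frozenset(i for i, vi in vals.items() if a(vi)) in u)
               for a in props)

# Constructed sample data: three valuations over the letters P and Q.
VALS = {1: {"P": True, "Q": False},
        2: {"P": False, "Q": True},
        3: {"P": False, "Q": True}}
PROPS = [lambda v: v["P"],
         lambda v: v["P"] or v["Q"],
         lambda v: not v["Q"],
         lambda v: (not v["P"]) or v["Q"]]
```

With the proper but non-maximal filter $\{E\}$ the disjunction $P \vee Q$ holds in every $v_i$ yet fails in the reduced product, while every ultrafilter satisfies the law of (a) for all of PROPS.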


3.5.10. (a) Let $\Gamma$ be a set of propositions such that every finite subset of $\Gamma$ 
is satisfiable. Let $I$ be the set of all finite subsets of $\Gamma$, and for each 
$i \in I$, let $v_i$ be a valuation satisfying $i$. For each proposition $A \in \Gamma$, 
let 

$$A^* = \{i \in I \mid A \in i\}.$$

Let 

$$C = \{A^* \mid A \in \Gamma\}.$$

Note that $C$ has the finite intersection property since 

$$\{A_1, \ldots, A_n\} \in A_1^* \cap \ldots \cap A_n^*.$$

By problem 3.5.8, let $U$ be an ultrafilter including $C$, so that every 
$A^*$ is in $U$. If $i \in A^*$, then $A \in i$, and so 

$$v_i \models A.$$

Thus, for every $A$ in $\Gamma$, $A^*$ is a subset of $\{i \in I \mid v_i \models A\}$. 
Show that each set $\{i \in I \mid v_i \models A\}$ is in $U$. 

(b) Show that the ultraproduct $v$ (defined in problem 3.5.9) of the set 
of valuations $\{v_i \mid i \in I\}$ with respect to the ultrafilter $U$ satisfies $\Gamma$. 


3.5.11. Recall the definition of a Horn formula given in problem 3.3.18. Given 
a countable set $\{v_i \mid i \geq 0\}$ of truth assignments, the product $v$ of 
$\{v_i \mid i \geq 0\}$ is the truth assignment such that for every propositional 
symbol $P_j$, 

$$v(P_j) = \begin{cases} \mathbf{T} & \text{if } v_i(P_j) = \mathbf{T} \text{ for all } v_i; \\ \mathbf{F} & \text{otherwise.} \end{cases}$$

(a) Show that if $X$ is a set of propositional Horn formulae and every 
truth assignment in $\{v_i \mid i \geq 0\}$ satisfies $X$, then the product $v$ 
satisfies $X$. 

(b) Let 

$$X^* = \{\neg P \mid P \text{ is atomic and } X \;\; P\}.$$

Show that if $X$ is a consistent set of basic Horn formulas, then $X \cup X^*$ 
is consistent. 

Hint: Using question (a), show that there is a truth assignment $v$ 
satisfying $X \cup X^*$. 


3.5.12. In this problem, we are using the definitions given in problem 3.5.7. 
Given a set $S$, a property $P$ about subsets of $S$ ($P$ is a subset of $2^S$) 
is a property of finite character iff the following hold: 

Given any subset $U$ of $S$, $P$ holds for $U$ if and only if $P$ holds for all 
finite subsets of $U$. 

A property $P$ about sets of propositions is a consistency property if 
$P$ is of finite character and the following hold: 

$C_0$: No set $S$ containing a propositional letter and its negation satis- 
fies $P$. 

$C_1$: If $\{S, A\}$ satisfies $P$, so does $\{S, A_1, A_2\}$, where $A$ is a proposition 
of type a. 

$C_2$: If $\{S, B\}$ satisfies $P$, then either $\{S, B_1\}$ or $\{S, B_2\}$ satisfies $P$, 
where $B$ is a proposition of type b. 

(a) Using Zorn’s lemma (see problem 3.5.7), show that for any set $S$, 
for any property $P$ about subsets of $S$, if $P$ is of finite character, then 
any subset $U$ of $S$ for which $P$ holds is a subset of some maximal 
subset of $S$ for which $P$ holds. 


(b) Prove that if P is a consistency property and P satisfies a set U 
of propositions, then U can be extended to a Hintikka set. 


Hint: Use the technique described in problem 3.5.7. 


(c) Prove that if P is a consistency property and P satisfies a set U 
of propositions, then U is satisfiable. 


3.5.13. Using the definitions given in problem 3.5.7, show that a maximal 
consistent set $S$ is a Hintikka set satisfying the additional property: 

$M_0$: For every proposition $A$, $A \in S$ if and only if $\neg A \notin S$. 


3.5.14. In this problem, we also use the definitions of problem 3.5.7. A set $S$ 
of propositions is downward closed iff the following conditions hold: 

$D_1$: For every proposition $A$ of type a, if $A \in S$, then both $A_1$ and 
$A_2$ are in $S$. 

$D_2$: For every proposition $B$ of type b, if $B \in S$, then either $B_1$ is in 
$S$ or $B_2$ is in $S$. 

A set $S$ of propositions is upward closed iff: 

$U_1$: For every proposition $A$ of type a, if $A_1$ and $A_2$ are both in $S$, 
then $A$ is in $S$. 

$U_2$: For every proposition $B$ of type b, if either $B_1$ is in $S$ or $B_2$ is in 
$S$, then $B$ is in $S$. 

(a) Prove that any downward closed set satisfying condition $M_0$ (given 
in problem 3.5.13) is a maximal consistent set. 

(b) Prove that any upward closed set satisfying condition $M_0$ is a 
maximal consistent set. 

Note: Conditions $D_1$ and $D_2$ are conditions H2 and H3 for Hin- 
tikka sets. Furthermore, $U_1$ and $U_2$ state the converse of $D_1$ and $D_2$. 
Hence, the above problem shows that a maximal consistent set is a 
set satisfying condition $M_0$ and the “if and only if” version of H2 and 
H3. Consequently, this reproves that a maximal consistent set is a 
Hintikka set. 


In the next problems, some connections between logic and the theory 
of boolean algebras are explored. 


3.5.15. Recall from Section 3.3 that a boolean algebra is a structure 
$\mathbf{A} = <A, +, *, \neg, 0, 1>$, where $A$ is a nonempty set, $+$ and $*$ are binary 
functions on $A$, $\neg$ is a unary function on $A$, and $0$ and $1$ are distinct 
elements of $A$, such that the following axioms hold: 

Associativity rules: 
$$((A + B) + C) = (A + (B + C)) \qquad ((A * B) * C) = (A * (B * C))$$
Commutativity rules: 
$$(A + B) = (B + A) \qquad (A * B) = (B * A)$$
Distributivity rules: 
$$(A + (B * C)) = ((A + B) * (A + C))$$
$$(A * (B + C)) = ((A * B) + (A * C))$$
De Morgan’s rules: 
$$\neg(A + B) = (\neg A * \neg B) \qquad \neg(A * B) = (\neg A + \neg B)$$
Idempotency rules: 
$$(A + A) = A \qquad (A * A) = A$$
Double negation rule: 
$$\neg\neg A = A$$
Absorption rules: 
$$(A + (A * B)) = A \qquad (A * (A + B)) = A$$

Laws of zero and one: 
$$(A + 0) = A \qquad (A * 0) = 0$$
$$(A + 1) = 1 \qquad (A * 1) = A$$
$$(A + \neg A) = 1 \qquad (A * \neg A) = 0$$


When dealing with boolean algebras, $\neg A$ is also denoted as $\bar{A}$. Given 
a boolean algebra $\mathbf{A}$, a partial ordering $\leq$ is defined on $A$ as follows: 

$$a \leq b \quad \text{if and only if} \quad a + b = b.$$

A filter $D$ is a subset of $A$ such that $D$ is nonempty, for all $x, y \in D$, 
$x * y \in D$, and for all $z \in A$ and $x \in D$, if $x \leq z$, then $z \in D$. A 
proper filter is a filter such that $0 \notin D$ (equivalently, $D \neq A$). (Note 
that this is a generalization of the notion defined in problem 3.5.8.) 


An ideal is a nonempty subset $I$ of $A$ such that, for all $x, y \in I$, 
$x + y \in I$, and for all $z \in A$ and $x \in I$, $x * z \in I$. 

(a) Show that for any (proper) filter $D$, the set 

$$\{\bar{x} \mid x \in D\}$$

is an ideal. 

Given a filter $D$, the relation $(D)$ defined by 

$$x\,(D)\,y \quad \text{if and only if} \quad x * y + \bar{x} * \bar{y} \in D$$

is a congruence relation on $\mathbf{A}$. The set of equivalence classes modulo 
$(D)$ is a boolean algebra denoted by $\mathbf{A}/D$, whose $1$ is $D$, and whose 
$0$ is $\{\bar{x} \mid x \in D\}$. 

(b) Prove that $x\,(D)\,y$ if and only if there is some $z \in D$ such that 

$$x * z = y * z,$$

if and only if 

$$x * \bar{y} + \bar{x} * y \in \{\bar{z} \mid z \in D\},$$

if and only if 

$$(\bar{x} + y) * (\bar{y} + x) \in D.$$

Note: Intuitively speaking, $(\bar{x} + y)$ corresponds to the proposition 
$(x \supset y)$ and $(\bar{x} + y) * (\bar{y} + x)$ to $(x \equiv y)$. 


A subset $E$ of $A$ has the finite intersection property iff for any finite 
number of elements $x_1, \ldots, x_n \in E$, 

$$x_1 * \ldots * x_n \neq 0.$$

(c) Prove that every subset $E$ with the finite intersection property is 
contained in a smallest proper filter. (See problem 3.5.8.) 

A filter $D$ is principal iff for some $a \neq 0$ in $A$, $x \in D$ if and only if 
$a \leq x$. A proper filter is an ultrafilter iff it is maximal. 


(d) Prove that any set with the finite intersection property can be 
extended to an ultrafilter. 


(e) If $D$ is an ultrafilter, then 

$$x + y \in D \quad \text{iff} \quad \text{either } x \in D \text{ or } y \in D,$$
$$x \in D \quad \text{iff} \quad \bar{x} \notin D.$$

Prove that $D$ is an ultrafilter if and only if the quotient boolean alge- 
bra $\mathbf{A}/D$ is isomorphic to the two-element boolean algebra $\mathbf{BOOL}$. 
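The following Python is an added example, not from the book: it takes the boolean algebra of all subsets of a constructed three-element set (with $+$ as union, $*$ as intersection and $\bar{x}$ as complement), builds principal filters on it, and checks the three equivalent forms of the congruence $x\,(D)\,y$ from (b) together with the quotient $\mathbf{A}/D$, the ideal of (a) and the ultrafilter properties of (e). The carrier set and the filters used are this example's own choices.

```python
from itertools import combinations

# Added example, not from the book: the boolean algebra of subsets of a
# constructed finite set E, with + = union, * = intersection and x-bar = E - x,
# filters on it, and the congruence x (D) y iff x*y + xbar*ybar in D.

E = frozenset({1, 2, 3})          # constructed carrier; A is the set of subsets of E

def powerset(e):
    return [frozenset(c) for r in range(len(e) + 1) for c in combinations(sorted(e), r)]

def plus(x, y): return x | y
def times(x, y): return x & y
def bar(x): return E - x

def leq(x, z):
    """x <= z iff x + z = z."""
    return plus(x, z) == z

def principal_filter(a):
    """{x | a <= x}; proper iff a != 0, i.e. a is nonempty."""
    return frozenset(x for x in powerset(E) if leq(a, x))

def is_filter(d):
    """Nonempty, closed under *, and closed upward under <=."""
    return (len(d) > 0
            and all(times(x, y) in d for x in d for y in d)
            and all(z in d for x in d for z in powerset(E) if leq(x, z)))

def is_ideal(i):
    """Nonempty, closed under +, and closed under * with any element of A."""
    return (len(i) > 0
            and all(plus(x, y) in i for x in i for y in i)
            and all(times(x, z) in i for x in i for z in powerset(E)))

def congruent(x, y, d):
    """x (D) y  iff  x*y + xbar*ybar in D."""
    return plus(times(x, y), times(bar(x), bar(y))) in d

def congruent_alt1(x, y, d):
    """First equivalent form of (b): some z in D with x*z = y*z."""
    return any(times(x, z) == times(y, z) for z in d)

def congruent_alt2(x, y, d):
    """Third equivalent form of (b): (xbar + y) * (ybar + x) in D."""
    return times(plus(bar(x), y), plus(bar(y), x)) in d

def quotient_classes(d):
    """The classes of A modulo (D). The class of 1 = E is D itself and the
    class of 0 = empty set is {xbar | x in D}."""
    classes = []
    for x in powerset(E):
        if not any(x in c for c in classes):
            classes.append(frozenset(y for y in powerset(E) if congruent(x, y, d)))
    return classes

def is_ultrafilter(d):
    """Proper and maximal among proper filters. On a finite algebra every
    filter is principal (generated by the * of its elements), so it suffices
    to compare with the principal filters of the nonzero elements."""
    proper = [principal_filter(a) for a in powerset(E) if a]
    return frozenset() not in d and not any(d < f for f in proper)
```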


3.5.16. Let $\sim$ be the proof-theoretic version of the equivalence relation on 
PROP defined in problem 3.4.6, so that for any two propositions $A$ 
and $B$, 

$$A \sim B \quad \text{if and only if} \quad \vdash (A \equiv B) \text{ in } G'.$$

(a) Show that the set $B_0$ of equivalence classes modulo $\sim$ is a boolean 
algebra if we define the operations $+$, $*$ and $\bar{\ }$ on $B_0$ as follows: 

$$[A] + [B] = [A \vee B],$$
$$[A] * [B] = [A \wedge B],$$
$$\overline{[A]} = [\neg A].$$

Also, let $0 = [\bot]$ and $1 = [\top]$. Observe that $0 \neq 1$. The algebra $B_0$ is 
called the Lindenbaum algebra of PROP. 
Hint: Use problems 3.4.6 and 3.4.7. 

(b) Prove that the following statements are equivalent: 
(1) Every consistent set can be extended to a maximal consistent set. 
(2) Every filter on $B_0$ can be extended to an ultrafilter. 


* 3.5.17. Let $\Gamma$ be any subset of propositions in PROP. We say that $\Gamma$ is 
finitely axiomatizable if there is a finite set $S$ of propositions such 
that for every proposition $A$ in PROP, 

$$\vdash \Gamma \to A \text{ in } G' + \{cut\} \quad \text{if and only if} \quad \vdash S \to A \text{ in } G' + \{cut\}.$$

Let 

$$D_\Gamma = \{[A] \mid\ \vdash \Gamma \to A \text{ in } G' + \{cut\}\},$$

where $[A]$ denotes the equivalence class of $A$ modulo $\sim$. Prove the 
following statements: 

(i) $\Gamma$ is consistent iff $D_\Gamma$ is a proper filter on $B_0$. 

(ii) $\Gamma$ is consistent and finitely axiomatizable iff $D_\Gamma$ is a principal 
filter on $B_0$. 

(iii) $\Gamma$ is complete iff $D_\Gamma$ is an ultrafilter on $B_0$. (For the definition 
of a complete set of propositions, see problem 3.5.4). 

(iv) $\Gamma$ is complete and finitely axiomatizable iff $D_\Gamma$ is a principal 
ultrafilter on $B_0$. 

Given a subset $D$ of $B_0$, let 

$$\Gamma_D = \{A \in PROP \mid [A] \in D\}.$$

Show that the converses of (i) to (iv) each hold, with $\Gamma$ replaced by 
$\Gamma_D$ and $D_\Gamma$ by $D$. 

Say that a set $\Gamma$ of propositions is closed if, for every $A \in PROP$, 
$\vdash \Gamma \to A$ implies that $A \in \Gamma$. Show that there is a one-to-one cor- 
respondence between complete closed extensions of $\Gamma$ and ultrafilters 
in $B_0/D_\Gamma$. 

Note: In this problem the cut rule seems necessary to prove that $D_\Gamma$ 
is a filter, specifically, that if $\vdash \Gamma \to A$ and $\vdash \Gamma \to (A \supset B)$ in 
G’ + {cut}, then $\vdash \Gamma \to B$ in G’ + {cut}. To prove this in G’, a form 
of Gentzen’s cut elimination theorem seems necessary. 


* 3.5.18. (a) Let $A_1$ and $A_2$ be two boolean algebras. A function $h : A_1 \to A_2$ 
is a homomorphism if, for all $x, y \in A_1$, 

$$h(x \vee_1 y) = h(x) \vee_2 h(y), \qquad h(x \wedge_1 y) = h(x) \wedge_2 h(y) \quad \text{and} \quad h(\overline{x}) = \overline{h(x)}.$$

Show that $h(0) = 0$ and $h(1) = 1$. 

(b) Given a boolean algebra A and a proper filter D, show that the 
mapping $h_D : A \to A/D$ that maps every element a of A to its 
equivalence class [a] modulo D is a homomorphism. 


(c) Let T be a consistent set of propositions. The equivalence relation 
$\sim_T$ on PROP is defined as follows: 

$$A \sim_T B \ \text{ if and only if } \ \vdash T \to (A \equiv B) \text{ in } G' + \{cut\}.$$

Show that the set $B_T$ of equivalence classes modulo $\sim_T$ is a boolean 
algebra if we define the operations $+$, $*$ and $\overline{\ \ }$ on $B_T$ as follows: 

$$[A]_T + [B]_T = [A \vee B]_T, \qquad [A]_T * [B]_T = [A \wedge B]_T, \qquad \overline{[A]_T} = [\neg A]_T.$$

($[A]_T$ denotes the equivalence class of A modulo $\sim_T$.) Furthermore, 
the element 1 is the equivalence class 

$$\{A \mid\ \vdash T \to A \text{ in } G' + \{cut\}\},$$

and the element 0 is the class 

$$\{A \mid\ \vdash T \to \neg A \text{ in } G' + \{cut\}\}.$$

The boolean algebra $B_T$ is called the Lindenbaum algebra of T. Note 
that the equivalence class $[A]_T$ of A modulo $\sim_T$ is the set 

$$\{B \mid\ \vdash T \to (A \equiv B) \text{ in } G' + \{cut\}\}.$$


For any homomorphism $h : B_T \to BOOL$, let $v : PS \to BOOL$ be 
defined such that for every propositional letter P, 


Show that v is a valuation satisfying T such that $\widehat{v}(A) = h([A]_T)$ for 
all $A \in PROP$. 


(d) There is a correspondence between valuations satisfying T and 
ultrafilters U in $B_T$ defined as follows: For every ultrafilter U in 
$B_T$, the quotient algebra $B_T/U$ is isomorphic to the boolean algebra 
BOOL (see problem 3.5.15(e)). By questions 3.5.18(a) and 3.5.18(b), 
there is a valuation $v_U$ satisfying T induced by the homomorphism 
from $B_T$ to $B_T/U$. Conversely, if v is a valuation satisfying T, show 
that 

$$U_v = \{[A]_T \mid \widehat{v}(A) = \mathbf{T}\}$$

is an ultrafilter in $B_T$. 

(e) Prove the extended completeness theorem for $G' + \{cut\}$. 

Hint: Assume that $T \to A$ is valid, but that A is not provable from T. 
Then, in the Lindenbaum algebra $B_T$, $[A]_T \neq 1$, and so $[\neg A]_T \neq 0$. 
Using problem 3.5.15(d), there is an ultrafilter U in $B_T$ containing 
$[\neg A]_T$. Since $B_T/U$ is isomorphic to BOOL, by questions 3.5.18(c) 
and 3.5.18(d), there is a valuation v satisfying T such that 

$$\widehat{v}(\neg A) = h([\neg A]_T),$$

where h is the homomorphism from $B_T$ to $B_T/U$. Since $[\neg A]_T$ is in 
U, 

$$h([\neg A]_T) = \mathbf{T}.$$

Hence, there is a valuation satisfying T such that $\widehat{v}(A) = \mathbf{F}$. This 
contradicts the validity of $T \to A$. 


3.5.19. Write a computer program (preferably in PASCAL or C) implement- 
ing the extended search procedure of definition 3.5.1. 


3.6 More on Gentzen Systems: The Cut Rule 


The rules of the Gentzen system G’ given in definition 3.4.2 were chosen so 
as to give ourselves as few choices as possible at each step upward in search- 
ing systematically for a falsifying valuation. The use of other Gentzen-type 
systems may afford simpler proofs, especially working downward. One such 
system is the system LK’ due to Gentzen. The system LK’ contains a rule 
called the cut rule, which is important from a historical point of view, but 
also from a mathematical point of view. Indeed, even though it is possible to 
find complete proof systems not using the cut rule, we will discover some un- 
expected complications when we study first-order logic with equality. Indeed, 
the system for first-order logic with equality not using the cut rule is not very 
natural, and the cut rule cannot be dispensed with easily. 


3.6.1 Using Auxiliary Lemmas in Proofs 


There are also “pragmatic” reasons for considering the cut rule. The cut rule 
is the following: 

$$\frac{\Gamma \to \Delta, A \qquad A, \Lambda \to \Theta}{\Gamma, \Lambda \to \Delta, \Theta}$$

A is called the cut formula of this inference. 


Notice that this rule formalizes the technique constantly used in practice 
to use an auxiliary lemma in a proof. This is more easily visualized if we 
assume that $\Delta$ is empty. Then, $\Gamma \to A$ is the auxiliary lemma, which can 
be assumed to belong to a catalogue of already-proven results. Now, using A 
as an assumption, if we can show that using other assumptions $\Lambda$, that $\Theta$ is 
provable, we can conclude that $\Gamma, \Lambda \to \Theta$ is provable. The conclusion does 
not refer to A. 


One might say that a proof using the cut rule is not as “direct” and 
consequently, not as perspicuous as a proof not using the cut rule. On the 
other hand, if we already have a vast catalogue of known results, and we can 
use them to give short and “easy” proofs of other results, why force ourselves 
not to use the convenience afforded by the cut rule? We shall not try to answer 
these questions of a philosophical nature. Let us just make a few remarks. 


Let us call a proof not using the cut rule a cut-free proof. Cut-free proofs 
are important in investigations regarding consistency results. The object of 
such investigations is to establish constructively the consistency of mathe- 
matical theories such as arithmetic or set theory, the ultimate goal being to 
show that mathematics formalized as a logical theory is free of contradictions. 
First-order logic is simple enough that Gentzen’s cut elimination theorem 
holds constructively. This means that for every proof using the cut rule, an- 
other proof not using the cut rule can effectively be constructed. We shall 
give a (nonconstructive) semantic proof of this result in this chapter, and a 
constructive proof for a simpler system in Chapter 6. From a mathematical 
point of view, this shows that the cut rule can be dispensed with. For richer 
logics, such as second-order logic, the cut-elimination theorem also holds, but 
not constructively, in the sense that the argument showing that there is a 
method for converting a proof with cut to a proof without cut is not effective. 


Another interesting issue is to examine the relative complexity of proofs 
with or without cut. Proofs with cuts can be much shorter than cut-free 
proofs. This will be shown in Chapter 6. However, from the point of view 
of automatic theorem proving, cut-free proofs are easier to find. For more on 
cut-free proofs and the cut rule, the reader is referred to Takeuti, 1975, and 
Pfenning’s paper in Shostack, 1984a. 


We now present the system LK’. 


3.6.2 The Gentzen System LK’ 


The system LK’ consists of structural rules, the cut rule, and of logical rules. 


Definition 3.6.1 Gentzen system LK’. The letters $\Gamma, \Delta, \Lambda, \Theta$ stand for arbi-
trary (possibly empty) sequences of propositions and A, B for arbitrary propo-
sitions. 


(1) Structural rules: 

(i) Weakening: 

$$\frac{\Gamma \to \Delta}{A, \Gamma \to \Delta}\ (\text{left}) \qquad \frac{\Gamma \to \Delta}{\Gamma \to \Delta, A}\ (\text{right})$$

A is called the weakening formula. 

(ii) Contraction: 

$$\frac{A, A, \Gamma \to \Delta}{A, \Gamma \to \Delta}\ (\text{left}) \qquad \frac{\Gamma \to \Delta, A, A}{\Gamma \to \Delta, A}\ (\text{right})$$

(iii) Exchange: 

$$\frac{\Gamma, A, B, \Delta \to \Lambda}{\Gamma, B, A, \Delta \to \Lambda}\ (\text{left}) \qquad \frac{\Gamma \to \Delta, A, B, \Lambda}{\Gamma \to \Delta, B, A, \Lambda}\ (\text{right})$$

(2) Cut rule: 

$$\frac{\Gamma \to \Delta, A \qquad A, \Lambda \to \Theta}{\Gamma, \Lambda \to \Delta, \Theta}$$

A is called the cut formula of this inference. 

(3) Logical rules: 

$$\frac{A, \Gamma \to \Delta}{A \wedge B, \Gamma \to \Delta}\ (\wedge : \text{left}) \qquad \frac{B, \Gamma \to \Delta}{A \wedge B, \Gamma \to \Delta}\ (\wedge : \text{left})$$

$$\frac{\Gamma \to \Delta, A \qquad \Gamma \to \Delta, B}{\Gamma \to \Delta, A \wedge B}\ (\wedge : \text{right})$$

$$\frac{A, \Gamma \to \Delta \qquad B, \Gamma \to \Delta}{A \vee B, \Gamma \to \Delta}\ (\vee : \text{left})$$

$$\frac{\Gamma \to \Delta, A}{\Gamma \to \Delta, A \vee B}\ (\vee : \text{right}) \qquad \frac{\Gamma \to \Delta, B}{\Gamma \to \Delta, A \vee B}\ (\vee : \text{right})$$

$$\frac{\Gamma \to \Delta, A \qquad B, \Lambda \to \Theta}{A \supset B, \Gamma, \Lambda \to \Delta, \Theta}\ (\supset : \text{left}) \qquad \frac{A, \Gamma \to \Delta, B}{\Gamma \to \Delta, A \supset B}\ (\supset : \text{right})$$

$$\frac{\Gamma \to \Delta, A}{\neg A, \Gamma \to \Delta}\ (\neg : \text{left}) \qquad \frac{A, \Gamma \to \Delta}{\Gamma \to \Delta, \neg A}\ (\neg : \text{right})$$

In the rules above, the propositions $A \vee B$, $A \wedge B$, $A \supset B$ and $\neg A$ are 
called the principal formulae and the propositions A, B the side formulae. 

The axioms of the system LK’ are all sequents of the form 

$$A \to A.$$


Note that in view of the exchange rule, the order of propositions in 
a sequent is really irrelevant, and the system LK’ could be defined using 
multisets as defined in problem 2.1.8. 


Proof trees are defined inductively as in definition 3.4.5, but with the 
rules of the system LK’ given in definition 3.6.1. If a sequent has a proof 
in the system G’ we say that it is G’-provable and similarly, if it is provable 
in the system LK’, we say that it is LK’-provable. The system obtained by 
removing the cut rule from LK’ will be denoted as LK’ − {cut}. We also say 
that a sequent is LK’-provable without a cut if it has a proof tree using the 
rules of the system LK’ − {cut}. We now show that the systems G’ and LK’ 
are logically equivalent. We will in fact prove a stronger result, namely that 
G’, LK’ − {cut} and LK’ are equivalent. First, we show that the system LK’ 
is sound. 


Lemma 3.6.1 (Soundness of LK’) Every axiom of LK’ is valid. For every 
rule of LK’, for every valuation v, if v makes all the premises of a rule true 
then v makes the conclusion of the rule true. Every LK’-provable sequent is 
valid. 


Proof: The proof uses the induction principle for proofs and is straight- 
forward. 


Note that lemma 3.6.1 differs from lemma 3.4.3 in the following point: 
It is not true that if v makes the conclusion of a rule true then v makes all 
premises of that rule true. This reveals a remarkable property of the system 
G’. The system G’ is a “two way” system, in the sense that the rules can be 
used either from top-down or from bottom-up. However, LK’ is a top-down 
system. In order to ensure that the inferences are sound, the rules must be 
used from top-down. 


3.6.3 Logical Equivalence of G’, LK’, and LK’ — {cut} 


The following theorem yields a semantic version of the cut elimination theo- 
rem. 


Theorem 3.6.1 Logical equivalence of G’, LK’, and LK’ − {cut}. There is 
an algorithm to convert any LK’-proof of a sequent $\Gamma \to \Delta$ into a G’-proof. 
There is an algorithm to convert any G’-proof of a sequent $\Gamma \to \Delta$ into a 
proof using the rules of LK’ − {cut}. 

Proof: If $\Gamma \to \Delta$ has an LK’-proof, by lemma 3.6.1, $\Gamma \to \Delta$ is valid. 
By theorem 3.5.2, $\Gamma \to \Delta$ has a G’-proof given by the algorithm search. 
Note that if $\Gamma \to \Delta$ is infinite, then the search procedure gives a proof for a 
finite subsequent of $\Gamma \to \Delta$, but by definition 3.6.2, it is a proof of $\Gamma \to \Delta$. 
Conversely, using the induction principle for G’-proofs we show that every 
G’-proof can be converted to an (LK’ − {cut})-proof. This argument also 
applies to infinite sequents, since a proof of an infinite sequent is in fact a 
proof of some finite subsequent of it. 


First, every G’-axiom $\Gamma \to \Delta$ contains some common proposition A, and 
by application of the weakening and the exchange rules, an (LK’ − {cut})-proof 
of $\Gamma \to \Delta$ can be obtained from the axiom $A \to A$. Next, we have 
to show that every application of a G’-rule can be replaced by a sequence of 
(LK’ − {cut})-rules. There are eight cases to consider. Note that the G’-rules 
$\wedge$ : right, $\vee$ : left, $\supset$ : right, $\supset$ : left, $\neg$ : right and $\neg$ : left can easily be 
simulated in LK’ − {cut} using the exchange, contraction, and corresponding 
(LK’ − {cut})-rules. We show how the G’-rule $\wedge$ : left can be transformed to 
a sequence of (LK’ − {cut})-rules, leaving the transformation of the G’-rule 
$\vee$ : right as an exercise. The following is an (LK’ − {cut})-derivation from 
$\Gamma, A, B, \Delta \to \Lambda$ to $\Gamma, A \wedge B, \Delta \to \Lambda$. 

$$\Gamma, A, B, \Delta \to \Lambda$$
(several exchanges) 
$$A, B, \Gamma, \Delta \to \Lambda$$
($\wedge$ : left (A)) 
$$A \wedge B, B, \Gamma, \Delta \to \Lambda$$
(exchange) 
$$B, A \wedge B, \Gamma, \Delta \to \Lambda$$
($\wedge$ : left (B)) 
$$A \wedge B, A \wedge B, \Gamma, \Delta \to \Lambda$$
(contraction) 
$$A \wedge B, \Gamma, \Delta \to \Lambda$$
(several exchanges) 
$$\Gamma, A \wedge B, \Delta \to \Lambda$$


3.6.4 Gentzen’s Hauptsatz for LK’ (Cut elimination theorem for LK’) 


Theorem 3.6.1 has the following important corollary. 


Corollary (Gentzen’s Hauptsatz for LK’) A sequent is LK’-provable if and 
only if it is LK’-provable without a cut. 


Note that the search procedure together with the above procedure provides 
an algorithm to construct a cut-free LK’-proof from an LK’-proof with 
cut. Gentzen proved the above result by a very different method in which 
an LK’-proof is (recursively) transformed into an LK’-proof without cut. 
Gentzen’s proof is more structural and syntactical than ours, since we com- 
pletely forget about the LK’-proof and start from scratch using the procedure 
search. Also, Gentzen’s proof generalizes to the first-order predicate calculus 
LK, providing an algorithm for transforming any LK-proof with cut to an LK- 
proof without cut. The search procedure will also provide a cut-free proof, 
but the argument used in justifying the correctness of the search procedure 
is not constructive. The nonconstructive step arises when we show that the 
search procedure terminates for a valid sequent. Gentzen’s proof is difficult 
and can be found in either Takeuti, 1975; Kleene, 1952; or in Gentzen’s origi- 
nal paper in Szabo, 1969. A constructive proof for a simpler system (sequents 
of formulae in NNF) will also be given in Chapter 6. 
3.6.5 Characterization of Consistency in LK’ 


The following lemma gives a characterization of consistency in the system 
LK’. 


Lemma 3.6.2 (1) A set $\Gamma$ of propositions is inconsistent if and only if there 
is some proposition A such that both $\Gamma \to A$ and $\Gamma \to \neg A$ are LK’-provable. 

(2) For any proposition A, the sequent $\Gamma \to A$ is not LK’-provable if 
and only if $\Gamma \cup \{\neg A\}$ is consistent. 

Proof: In this proof, we will abbreviate LK’-provable as provable. 

(1) If $\Gamma$ is inconsistent then $\Gamma \to B$ is provable for any proposition B, 
showing that the second half of (1) holds. Conversely, assume that for some A, 
both $\vdash \Gamma \to A$ and $\vdash \Gamma \to \neg A$ in LK’, with proofs $T_1$ and $T_2$. The following 
is a proof of $\Gamma \to B$ for any given B (the two topmost sequents are the 
conclusions of $T_1$ and $T_2$): 

$$\frac{\dfrac{\dfrac{\dfrac{\Gamma \to A}{\neg A, \Gamma \to}\ (\neg : \text{left})}{\Gamma \to \neg\neg A}\ (\neg : \text{right}) \qquad \dfrac{\dfrac{\Gamma \to \neg A}{\neg\neg A, \Gamma \to}\ (\neg : \text{left})}{\neg\neg A, \Gamma \to B}\ (\text{weakening})}{\Gamma, \Gamma \to B}\ (\text{cut } (\neg\neg A))}{\Gamma \to B}\ (\text{contractions and exchanges})$$

(2) Assume that $\Gamma \to A$ is not provable. If $\Gamma \cup \{\neg A\}$ were inconsistent, 
then $\neg A, \Gamma \to A$ would be provable with proof T. The following is a proof of 
$\Gamma \to A$, contradicting the hypothesis. 

$$\frac{\dfrac{\dfrac{\neg A, \Gamma \to A}{\Gamma \to A, \neg\neg A}\ (\neg : \text{right}) \qquad \dfrac{\dfrac{A \to A}{\to A, \neg A}\ (\neg : \text{right})}{\neg\neg A \to A}\ (\neg : \text{left})}{\Gamma \to A, A}\ (\text{cut } (\neg\neg A))}{\Gamma \to A}\ (\text{contraction})$$

Conversely, assume that $\Gamma \cup \{\neg A\}$ is consistent. If $\Gamma \to A$ is provable, a 
fortiori $\Gamma, \neg A \to A$ is provable. But $\neg A \to \neg A$ is also provable since it is an 
axiom, and so $\Gamma, \neg A \to \neg A$ is provable. By (1), $\Gamma \cup \{\neg A\}$ is inconsistent. 

Remark: Recall that for an infinite set of propositions $\Gamma$, $\Gamma \to A$ is 
provable if $\Delta \to A$ is provable for a finite subsequence $\Delta$ of $\Gamma$. Hence, the 
above proofs should really be modified to refer to finite subsequences of $\Gamma$. 
Using the exchange, weakening and contraction rules, we can ensure that the 
antecedent in the conclusion of each proof is a subsequence of $\Gamma$. We leave 
the details as an exercise. Also, note that the above characterizations of 
consistency (or inconsistency) in LK’ are purely syntactic (proof theoretic), 
and that the cut rule was used in a crucial way. 
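Because LK’ is a top-down system, a derivation is checked by verifying, inference by inference, that the conclusion is an instance of the named rule applied to the premises. The following proof checker is an added example, not code from the book: it encodes the LK’ rules of definition 3.6.1 that the two derivations of this section use (weakening, contraction, exchange, cut, $\wedge$ : left, $\neg$ : left, $\neg$ : right) as predicates on ordered sequents, and then checks both the simulation of the G’-rule $\wedge$ : left in LK’ − {cut} from section 3.6.3 and the proof of lemma 3.6.2 (1). The atoms G, D and L stand in for one-proposition instances of $\Gamma$, $\Delta$ and $\Lambda$; the rule names, the tuple encoding of formulas and the "hyp" leaves for derivations from hypotheses are this example's own conventions.

```python
"""Proof checker for a fragment of the sequent system LK' (added example).

A formula is an atom (a string) or a tuple ("and", A, B) / ("not", A).
A sequent Gamma -> Delta is a pair (antecedent, succedent) of Python lists,
so the order of propositions matters, exactly as in LK' (that is what the
exchange rules are for).  Rule names follow Definition 3.6.1.
"""

def AND(a, b):
    return ("and", a, b)

def NOT(a):
    return ("not", a)

def _swap_adjacent(xs, ys):
    """True iff ys is xs with one pair of adjacent elements swapped."""
    return any(xs[:i] + [xs[i + 1], xs[i]] + xs[i + 2:] == ys
               for i in range(len(xs) - 1))

# Each rule maps (list of premise sequents, conclusion sequent) to a bool.
RULES = {
    "weakening:left":    lambda p, c: len(p) == 1 and c[1] == p[0][1]
                         and len(c[0]) == len(p[0][0]) + 1 and c[0][1:] == p[0][0],
    "weakening:right":   lambda p, c: len(p) == 1 and c[0] == p[0][0]
                         and len(c[1]) == len(p[0][1]) + 1 and c[1][:-1] == p[0][1],
    "contraction:left":  lambda p, c: len(p) == 1 and c[1] == p[0][1] and len(p[0][0]) >= 2
                         and p[0][0][0] == p[0][0][1] and c[0] == p[0][0][1:],
    "contraction:right": lambda p, c: len(p) == 1 and c[0] == p[0][0] and len(p[0][1]) >= 2
                         and p[0][1][-1] == p[0][1][-2] and c[1] == p[0][1][:-1],
    "exchange:left":     lambda p, c: len(p) == 1 and c[1] == p[0][1] and _swap_adjacent(p[0][0], c[0]),
    "exchange:right":    lambda p, c: len(p) == 1 and c[0] == p[0][0] and _swap_adjacent(p[0][1], c[1]),
    # Gamma -> Delta, A   and   A, Lambda -> Theta   give   Gamma, Lambda -> Delta, Theta
    "cut":               lambda p, c: len(p) == 2 and len(p[0][1]) > 0 and len(p[1][0]) > 0
                         and p[0][1][-1] == p[1][0][0]
                         and c == (p[0][0] + p[1][0][1:], p[0][1][:-1] + p[1][1]),
    # A, Gamma -> Delta  (or  B, Gamma -> Delta)  gives  A and B, Gamma -> Delta
    "and:left":          lambda p, c: len(p) == 1 and c[1] == p[0][1] and len(c[0]) > 0 and len(p[0][0]) > 0
                         and isinstance(c[0][0], tuple) and c[0][0][0] == "and"
                         and p[0][0][0] in c[0][0][1:] and c[0][1:] == p[0][0][1:],
    # Gamma -> Delta, A  gives  not A, Gamma -> Delta
    "not:left":          lambda p, c: len(p) == 1 and len(p[0][1]) > 0 and len(c[0]) > 0
                         and c[0][0] == NOT(p[0][1][-1]) and c[0][1:] == p[0][0] and c[1] == p[0][1][:-1],
    # A, Gamma -> Delta  gives  Gamma -> Delta, not A
    "not:right":         lambda p, c: len(p) == 1 and len(p[0][0]) > 0 and len(c[1]) > 0
                         and c[1][-1] == NOT(p[0][0][0]) and c[0] == p[0][0][1:] and c[1][:-1] == p[0][1],
}

def check(proof):
    """Check a proof tree: ("axiom", seq), ("hyp", seq) or (rule, seq, *subproofs).

    Axioms are the sequents A -> A.  A "hyp" leaf is an assumed sequent, used
    when checking a derivation from hypotheses rather than a closed proof.
    """
    kind, seq = proof[0], proof[1]
    if kind == "axiom":
        return len(seq[0]) == 1 and seq[0] == seq[1]
    if kind == "hyp":
        return True
    subproofs = proof[2:]
    return (all(check(s) for s in subproofs)
            and bool(RULES[kind]([s[1] for s in subproofs], seq)))

def chain(start, steps):
    """Build a linear derivation: each (rule, sequent) step is applied to the previous one."""
    proof = start
    for rule, seq in steps:
        proof = (rule, seq, proof)
    return proof

# Atoms standing in for the metavariables Gamma, Delta, Lambda (an assumption of this example).
A, B, G, D, L = "A", "B", "G", "D", "L"
AB = AND(A, B)

# Section 3.6.3: the G' rule and:left simulated in LK' - {cut}, from the hypothesis
# Gamma, A, B, Delta -> Lambda  down to  Gamma, A and B, Delta -> Lambda.
SIMULATE_AND_LEFT = chain(("hyp", ([G, A, B, D], [L])), [
    ("exchange:left",    ([A, G, B, D], [L])),
    ("exchange:left",    ([A, B, G, D], [L])),
    ("and:left",         ([AB, B, G, D], [L])),
    ("exchange:left",    ([B, AB, G, D], [L])),
    ("and:left",         ([AB, AB, G, D], [L])),
    ("contraction:left", ([AB, G, D], [L])),
    ("exchange:left",    ([G, AB, D], [L])),
])

# Lemma 3.6.2 (1): from Gamma -> A and Gamma -> not A, derive Gamma -> B by a cut on not not A.
NA, NNA = NOT(A), NOT(NOT(A))
_left = chain(("hyp", ([G], [A])),
              [("not:left", ([NA, G], [])), ("not:right", ([G], [NNA]))])
_right = chain(("hyp", ([G], [NA])),
               [("not:left", ([NNA, G], [])), ("weakening:right", ([NNA, G], [B]))])
INCONSISTENT_PROVES_ANYTHING = (
    "contraction:left", ([G], [B]),
    ("cut", ([G, G], [B]), _left, _right))

# A wrong step: claiming the cut already yields Gamma -> B without the contraction.
BOGUS = ("cut", ([G], [B]), _left, _right)

if __name__ == "__main__":
    print(check(SIMULATE_AND_LEFT), check(INCONSISTENT_PROVES_ANYTHING), check(BOGUS))
```

Running the module prints `True True False`: both derivations from the text pass, and the derivation that skips the final contraction is rejected because the cut rule yields $\Gamma, \Gamma \to B$, not $\Gamma \to B$. Since sequents are ordered lists, every reordering has to be justified by an explicit exchange step, which is exactly why the simulation of $\wedge$ : left needs the exchanges shown in the text.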


PROBLEMS 


3.6.1. Give LK’-proof trees for the following tautologies: 

$$A \supset (B \supset A)$$
$$(A \supset B) \supset ((A \supset (B \supset C)) \supset (A \supset C))$$
$$A \supset (B \supset (A \wedge B))$$
$$A \supset (A \vee B) \qquad B \supset (A \vee B)$$
$$(A \supset B) \supset ((A \supset \neg B) \supset \neg A)$$
$$(A \wedge B) \supset A \qquad (A \wedge B) \supset B$$
$$(A \supset C) \supset ((B \supset C) \supset ((A \vee B) \supset C))$$
$$\neg\neg A \supset A$$


3.6.2. Show that the cut rule is not a two-way rule, that is, if a valuation v 
satisfies the conclusion of the cut rule, it does not necessarily satisfy 
its premises. Find the other rules of LK’ that are not two-way rules. 


* 3.6.3. Recall that a set $\Gamma$ of propositions is maximally consistent if $\Gamma$ is 
consistent and for any other set $\Delta$, if $\Gamma$ is a proper subset of $\Delta$ then 
$\Delta$ is inconsistent. 

(a) Show that if $\Gamma$ is maximally consistent, for any proposition A such 
that $\Gamma \to A$ is provable in LK’ (with cut), A is in $\Gamma$. 

(b) Show that 

$$\Delta = \{A \mid\ \vdash \Gamma \to A \text{ in LK' (with cut)}\}$$

is maximally consistent if and only if for every proposition A, either 
$\vdash \Gamma \to A$ or $\vdash \Gamma \to \neg A$ in LK’, but not both. 

(c) Show that $\Gamma$ is maximally consistent iff there is a single valuation 
v satisfying $\Gamma$. 

(d) Show that $\Gamma$ is maximally consistent iff there is a valuation v such 
that $v \models A$ if and only if A is in $\Gamma$. 


3.6.4. Using the technique of problem 3.5.5, prove in LK’ (+{cut}) that 
every consistent set can be extended to a maximal consistent set. 


* 3.6.5. In this problem, we are adopting the definition of a Hintikka set given 
in problem 3.5.6. Let $\Delta$ be a maximally consistent set. To cut down 
on the number of cases, in this problem, assume that $(A \supset B)$ is an 
abbreviation for $(\neg A \vee B)$, so that the set of connectives is $\{\wedge, \vee, \neg\}$. 
(a) Show that $\Delta$ is a Hintikka set. 

(b) Recall that in LK’, $\Gamma \to A$ is not provable if and only if $\Gamma \cup \{\neg A\}$ 
is consistent. Using problem 3.6.4, prove that if $\Gamma \to A$ is valid, then 
it is provable in LK’ (with cut). 


Remark: This provides another proof of the completeness of LK’ 
(with cut). Note that a proof tree for $\Gamma \to A$ is not produced (compare 
with theorem 3.4.1). 


3.6.6. Prove that the extended completeness theorem and the model existence 
theorem are equivalent for LK’. (This is also true for LK’ − 
{cut}, but apparently requires the cut elimination theorem). 


3.6.7. Implement a computer program (preferably in PASCAL or C) converting 
an LK’-proof into a cut-free LK’-proof. Compare and investigate 
the relative lengths of proofs. 


Notes and Suggestions for Further Reading 


We have chosen Gentzen systems as the main vehicle for presenting propositional 
logic because of their algorithmic nature and their conceptual simplicity. 
Our treatment is inspired by Kleene, 1967 and Kleene, 1952. For more on 
Gentzen systems, the reader should consult Takeuti, 1975; Szabo, 1969; or 
Smullyan, 1968. 


We believe that the use of Hintikka sets improves the clarity of the proof 
of the completeness theorem. For more details on Hintikka sets and related 
concepts such as consistency properties, the reader is referred to Smullyan, 
1968. 


There are other proof systems for propositional logic. The Hilbert sys- 
tem H discussed in problems 3.4.9 to 3.4.12 is from Kleene, 1967, as well as 
the natural deduction system used in problems 3.4.11 and 3.4.12. For more on 
natural deduction systems, the reader is referred to Van Dalen, 1980; Prawitz 
1965; or Szabo, 1969. A variant of Gentzen systems called tableaux systems 
is discussed at length in Smullyan, 1968. 


The relationship between boolean algebra and logic was investigated by 
Tarski, Lindenbaum, Rasiowa, and Sikorski. For more details, the reader is 
referred to Chang and Keisler, 1973, or Bell and Slomson, 1974. Exercise 
3.5.18 is adapted from Bell and Slomson, 1974. 


The proof of Gentzen’s cut elimination theorem can be found in Kleene, 
1952; Takeuti, 1975; and Szabo, 1969. 


Chapter 4 


Resolution In 
Propositional Logic 


4.1 Introduction 


In Chapter 3, a procedure for showing whether or not a given proposition is 
valid was given. This procedure, which uses a Gentzen system, yields a formal 
proof in the Gentzen system when the input proposition is valid. In this chap- 
ter, another method for deciding whether a proposition is valid is presented. 
This method due to J. Robinson (Robinson, 1965) and called resolution, has 
become quite popular in automatic theorem proving, because it is simple to 
implement. The essence of the method is to prove the validity of a proposition 
by establishing that the negation of this proposition is unsatisfiable. 


The main attractive feature of the resolution method is that it has a 
single inference rule (the resolution rule). However, there is a price to pay: 
The resolution method applies to a proposition in conjunctive normal form. 


In this chapter, the resolution method will be presented as a variant of a 
special kind of Gentzen-like system. A similar approach is followed in Robin- 
son, 1969, but the technical details differ. We shall justify the completeness 
of the resolution method by showing that Gentzen proofs can be recursively 
transformed into resolution proofs, and conversely. Such transformations are 
interesting not only because they show constructively the equivalence of the 
two proof systems, but because they also show a relationship between the 
complexity of Gentzen proofs and resolution refutation proofs. Indeed, it will 
be shown that every proof tree T in the system GCNF’ can be converted to 
a resolution refutation D whose number of steps is at most the number of 
leaves of the proof tree T. 


In the original edition of this book, it was claimed that the number of 
axioms in a Gentzen proof tree was linearly related to the number of resolution 
steps in the corresponding input resolution DAG, but the proof was wrong. 


The essence of the connection between Gentzen proofs and resolution 
proofs is the following: Given a proposition A, if B is a conjunctive normal 
form of $\neg A$, A is valid iff B is unsatisfiable, iff the sequent $B \to$ is valid. 


We will show how a Gentzen proof tree for B — can be transformed 
into a resolution DAG for B (and conversely). The first step is to design an 
efficient Gentzen system for proving sequents of the form B — , where B is 
in conjunctive normal form. 


4.2 A Special Gentzen System 


The system GCNF’ is obtained by restricting the system G’ to sequents of 
the form $A \to$, where A is a proposition in conjunctive normal form. 


4.2.1 Definition of the System GCNF’ 


Recall from definition 3.4.7 that a proposition A is in conjunctive normal 
form iff it is a conjunction $C_1 \wedge \ldots \wedge C_n$ of disjunctions $C_i = B_{i,1} \vee \ldots \vee B_{i,m_i}$, 
where each $B_{i,j}$ is either a propositional symbol P or the negation $\neg P$ of a 
propositional symbol. 


Definition 4.2.1 A literal is either a propositional symbol or its negation. 
Given a literal L, its conjugate $\overline{L}$ is defined as follows: If $L = P$ then $\overline{L} = \neg P$, 
and if $L = \neg P$, then $\overline{L} = P$. A proposition of the form 

$$C_i = B_{i,1} \vee \ldots \vee B_{i,m_i}$$

where each $B_{i,j}$ is a literal is called a clause. 


By lemma 3.3.6, since both $\wedge$ and $\vee$ are commutative, associative and 
idempotent, it can be assumed that the clauses $C_i$ are distinct, and each clause 
can be viewed as the set of its distinct literals. Also, since the semantics of 
sequents implies that a sequent 

$$C_1 \wedge \ldots \wedge C_n \to \ \text{ is valid iff the sequent } \ C_1, \ldots, C_n \to \ \text{ is valid},$$

it will be assumed in this section that we are dealing with sequents of the 
form $C_1, \ldots, C_n \to$, where $\{C_1, \ldots, C_n\}$ is a set of clauses, and each clause 
$C_i$ is a set of literals. We will also view a sequent $C_1, \ldots, C_n \to$ as the set 
of clauses $\{C_1, \ldots, C_n\}$. For simplicity, the clause $\{L\}$ consisting of a single 
literal will often be denoted by L. If $\Gamma$ and $\Delta$ denote sets of propositions, then 
$\Gamma, \Delta$ denotes the set $\Gamma \cup \Delta$. Similarly, if $\Gamma$ is a set of propositions and A is a 
proposition, then $\Gamma, A$ denotes the set $\Gamma \cup \{A\}$. Consequently, $\Gamma, A_1, \ldots, A_m$ 
denotes the sequent $\Gamma \cup \{A_1, \ldots, A_m\}$. 


It should be noted that when a sequent $C_1, \ldots, C_n \to$ is viewed as the 
set of clauses $\{C_1, \ldots, C_n\}$, the comma is interpreted as the connective and 
($\wedge$), but that when we consider a single clause $C_i = \{L_1, \ldots, L_m\}$ as a set of 
literals, the comma is interpreted as the connective or ($\vee$). 


For sequents of the above form, note that only the $\vee$ : left rule and the 
$\neg$ : left rule are applicable. Indeed, since each proposition in each $C_i$ is a 
literal, for every application of the $\neg$ : left rule resulting in a literal of the 
form $\neg P$ in the antecedent of the conclusion of the rule, the propositional 
letter P belongs to the right-hand side of the sequent which is the premise of 
the rule. Since the $\vee$ : left rule does not add propositions to the right-hand 
side of sequents, only propositional letters can appear on the right-hand side 
of sequents. Hence, only the $\vee$ : left rule and the $\neg$ : left rule are applicable 
to sequents of the form defined above. But then, by redefining the axioms to 
be sequents of the form 

$$\Gamma, P, \neg P \to$$

we obtain a proof system in which the only inference rule is $\vee$ : left. 


A further improvement is achieved by allowing several $\vee$ : left rules to 
be performed in a single step. If a sequent of the form 

$$\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to$$

is provable, the proof may contain m distinct applications of the $\vee$ : left rule 
to $(A_1 \vee B), \ldots, (A_m \vee B)$, and the proof may contain $2^m - 1$ copies of the proof 
tree for the sequent $\Gamma, B \to$. We can avoid such redundancies if we introduce 
a rule of the form 

$$\frac{\Gamma, A_1, \ldots, A_m \to \qquad \Gamma, B \to}{\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to}$$

We obtain a proof system in which proofs are even more economical if 
we introduce a rule of the form 

$$\frac{\Gamma_1, C_1, \ldots, C_k \to \qquad \Gamma_2, B \to}{\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to}$$

where $\Gamma_1$ and $\Gamma_2$ are arbitrary subsets of $\Gamma \cup \{(A_1 \vee B), \ldots, (A_m \vee B)\}$ (not 
necessarily disjoint), and $\{C_1, \ldots, C_k\}$ is any nonempty subset of $\{A_1, \ldots, A_m\}$. 
In this fashion, we obtain a system similar to LK’ with implicit weakenings, 
in which every nontrivial sequent (see definition below) has a proof in which 
the axioms are of the form $P, \neg P \to$. 


Definition 4.2.2 A sequent of the form $C_1, \ldots, C_n \to$ is trivial if $C_i = P$ 
and $C_j = \neg P$ for some letter P and some i, j, $1 \leq i, j \leq n$. Otherwise, we say 
that the sequent is nontrivial. 


The system GCNF’ is defined as follows. 

Definition 4.2.3 (The system GCNF’). Let $\Gamma, \Gamma_1, \Gamma_2$ denote sets of propositions, 
$A_1, \ldots, A_m$ denote propositions, B denote a literal, and P denote a 
propositional letter. 


Axioms: All trivial sequents, that is, sequents of the form 

$$\Gamma, P, \neg P \to$$

Inference Rule: All instances of the rule 

$$\frac{\Gamma_1, C_1, \ldots, C_k \to \qquad \Gamma_2, B \to}{\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to}$$

where $\Gamma_1$ and $\Gamma_2$ are arbitrary subsets of $\Gamma \cup \{(A_1 \vee B), \ldots, (A_m \vee B)\}$ (possibly 
empty and not necessarily disjoint), $\{C_1, \ldots, C_k\}$ is any nonempty subset of 
$\{A_1, \ldots, A_m\}$, and B is a literal. 


Remark: In the above rule, B is a literal and not an arbitrary proposi-
tion. This is not a restriction because the system GCNF’ is complete. We 
could allow arbitrary propositions, but this would complicate the transfor-
mation of a proof tree into a resolution refutation (see the problems). The 
system obtained by restricting $\Gamma_1$ and $\Gamma_2$ to be subsets of $\Gamma$ is also complete. 
However, if such a rule was used, this would complicate the transformation of 
a resolution refutation into a proof tree. 


Deduction trees and proof trees are defined in the obvious way as in 
definition 3.4.5. 


EXAMPLE 4.2.1 
The following is a proof tree in the system GCNF’. 

$$\frac{\neg S, S \to \qquad \dfrac{S, \neg S \to \qquad \neg Q, Q \to}{\neg Q, S, \{\neg S, Q\} \to}}{\{P, \neg Q\}, \{\neg S, \neg Q\}, S, \{\neg S, Q\} \to}$$

In the above proof, the $\vee$ : left rule is applied to $\{P, \neg Q\}, \{\neg S, \neg Q\}$. 
The literal $\neg Q$, which occurs in both clauses, goes into the right premise 
of the lowest inference, and from the set $\{P, \neg S\}$, only $\neg S$ goes into 
the left premise. The above proof in GCNF’ is more concise than the 
following proof in G’. This is because rules of GCNF’ can apply to 
several propositions in a single step, avoiding the duplication of subtrees. 

$$\frac{\begin{matrix} T_1 \\ P, \{\neg S, \neg Q\}, S, \{\neg S, Q\} \to \end{matrix} \qquad \begin{matrix} T_2 \\ \neg Q, \{\neg S, \neg Q\}, S, \{\neg S, Q\} \to \end{matrix}}{\{P, \neg Q\}, \{\neg S, \neg Q\}, S, \{\neg S, Q\} \to}$$

where $T_1$ is the tree 

$$\frac{P, \neg S, S, \{\neg S, Q\} \to \qquad \dfrac{P, \neg Q, S, \neg S \to \qquad P, \neg Q, S, Q \to}{P, \neg Q, S, \{\neg S, Q\} \to}}{P, \{\neg S, \neg Q\}, S, \{\neg S, Q\} \to}$$

and $T_2$ is the tree 

$$\frac{\neg Q, \neg S, S, \{\neg S, Q\} \to \qquad \dfrac{\neg Q, S, \neg S \to \qquad \neg Q, S, Q \to}{\neg Q, S, \{\neg S, Q\} \to}}{\neg Q, \{\neg S, \neg Q\}, S, \{\neg S, Q\} \to}$$
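The rule of definition 4.2.3 can be run as a proof-search procedure: the literal B is chosen among the literals occurring in non-unit clauses, the left premise keeps $\Gamma$ together with all the $A_i$ (that is, $\Gamma_1 = \Gamma$ and $\{C_1, \ldots, C_k\} = \{A_1, \ldots, A_m\}$), and the right premise keeps $\Gamma$ together with the unit clause B (that is, $\Gamma_2 = \Gamma$). Each premise has strictly fewer literal occurrences, so the search terminates; a leaf that is a trivial sequent is an axiom, while a leaf made only of unit clauses that is not trivial is falsifiable, so no proof exists. The following Python program is an added example, not code from the book; it implements this search, builds the proof tree, and cross-checks the outcome against a truth table (lemma 4.2.1 and theorem 4.2.1 say the two must agree). The literal syntax ("~P" for $\neg P$), the tie-breaking order and the function names are this example's own conventions, and the input clause sets are constructed, the first being that of Example 4.2.1.

```python
"""Proof search in the system GCNF' (added example, not the book's code).

A literal is a string such as "P" or "~P" (for the negation of P).  A clause
is a nonempty frozenset of literals (comma read as "or"); a sequent
C1, ..., Cn ->  is a frozenset of clauses (comma read as "and").
"""
from itertools import product

def clause(text):
    """Build a clause from a space-separated string, e.g. clause("~S Q")."""
    return frozenset(text.split())

def conjugate(lit):
    """Conjugate of a literal (Definition 4.2.1): P <-> ~P."""
    return lit[1:] if lit.startswith("~") else "~" + lit

def trivial_pair(seq):
    """(P, ~P) if the sequent is trivial (Definition 4.2.2), else None."""
    units = {next(iter(c)) for c in seq if len(c) == 1}
    for lit in sorted(units):
        if not lit.startswith("~") and conjugate(lit) in units:
            return (lit, conjugate(lit))
    return None

def prove(seq):
    """Return a GCNF' proof tree of the sequent `seq`, or None if there is none.

    Tree nodes are ("axiom", seq) or ("or-left", B, seq, left_proof, right_proof).
    """
    seq = frozenset(seq)
    if trivial_pair(seq):
        return ("axiom", seq)
    # Candidate literals B: those occurring in non-unit clauses (A_i v B).
    counts = {}
    for c in seq:
        if len(c) > 1:
            for lit in c:
                counts[lit] = counts.get(lit, 0) + 1
    if not counts:
        return None   # only unit clauses and no P, ~P pair: the sequent is falsifiable
    B = max(sorted(counts), key=counts.get)   # most frequent; ties broken alphabetically
    with_B = frozenset(c for c in seq if len(c) > 1 and B in c)   # the (A_i v B)
    gamma = seq - with_B                                          # Gamma
    left = gamma | frozenset(c - {B} for c in with_B)    # Gamma_1 = Gamma, all the A_i
    right = gamma | {frozenset([B])}                      # Gamma_2 = Gamma, plus B
    lp = prove(left)
    rp = prove(right) if lp is not None else None
    if lp is None or rp is None:
        return None
    return ("or-left", B, seq, lp, rp)

def count_axioms(tree):
    """Number of leaves (axioms) of a proof tree."""
    return 1 if tree[0] == "axiom" else count_axioms(tree[3]) + count_axioms(tree[4])

def satisfiable(seq):
    """Brute-force truth-table check, used to cross-check prove()."""
    atoms = sorted({lit.lstrip("~") for c in seq for lit in c})
    for values in product([False, True], repeat=len(atoms)):
        v = dict(zip(atoms, values))
        # A literal is true under v iff its sign agrees with the atom's value.
        if all(any(v[l.lstrip("~")] != l.startswith("~") for l in c) for c in seq):
            return True
    return False

def show(seq):
    """Render a sequent the way the book writes it, e.g.  S, {P, ~Q} ->."""
    parts = [", ".join(sorted(c)) if len(c) == 1 else "{" + ", ".join(sorted(c)) + "}"
             for c in sorted(seq, key=lambda c: (len(c), sorted(c)))]
    return ", ".join(parts) + " ->"

# Constructed inputs: the clause set of Example 4.2.1, and a satisfiable one.
EXAMPLE_4_2_1 = frozenset([clause("P ~Q"), clause("~S ~Q"), clause("S"), clause("~S Q")])
SATISFIABLE = frozenset([clause("P Q"), clause("~P"), clause("~Q R")])

if __name__ == "__main__":
    tree = prove(EXAMPLE_4_2_1)
    print(show(EXAMPLE_4_2_1), "provable:", tree is not None, "axioms:", count_axioms(tree))
    print(show(SATISFIABLE), "provable:", prove(SATISFIABLE) is not None)
```

On the clause set of Example 4.2.1 the search first splits on $\neg Q$ (the literal shared by $\{P, \neg Q\}$ and $\{\neg S, \neg Q\}$, just as in the book's proof) and finds a proof with three axioms; because the search always keeps all of $\Gamma$ in both premises, its leaves are trivial sequents $\Gamma, P, \neg P \to$ rather than the bare $P, \neg P \to$ of the minimal proof shown above. On the satisfiable set it reaches a leaf consisting only of the unit clauses $\neg P, Q, R$ and reports that no proof exists, which agrees with the truth-table check.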


In order to prove the soundness and completeness of the system GCNF’, 
we need the following lemmas. 


4.2.2 Soundness of the System GCNF’ 


First, we prove the following lemma. 


Lemma 4.2.1 Every axiom is valid. For every valuation v, if v satisfies 
both premises of a rule of GCNF’, then v satisfies the conclusion. 


Proof: It is obvious that every axiom is valid. For the second part, it is 
equivalent to show that if v falsifies $\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to$, then either 
v falsifies $\Gamma_1, C_1, \ldots, C_k \to$, or v falsifies $\Gamma_2, B \to$. But v falsifies 
$\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to$ if v satisfies all propositions in $\Gamma$ and v satisfies all of 
$(A_1 \vee B), \ldots, (A_m \vee B)$. If v satisfies B, then v satisfies $\Gamma$ and B, and so v 
falsifies $\Gamma_2, B \to$ for every subset $\Gamma_2$ of $\Gamma, (A_1 \vee B), \ldots, (A_m \vee B)$. If v does not 
satisfy B, then it must satisfy all of $A_1, \ldots, A_m$. But then, v satisfies $\Gamma_1$ and 
$C_1, \ldots, C_k$ for any subset $\Gamma_1$ of $\Gamma, (A_1 \vee B), \ldots, (A_m \vee B)$ and nonempty subset 
$\{C_1, \ldots, C_k\}$ of $\{A_1, \ldots, A_m\}$. This concludes the proof. 


Using induction on proof trees as in lemma 3.4.3, we obtain the following 
corollary: 


Corollary (Soundness of GCNF’) Every sequent provable in GCNF’ is 
valid. 
In order to prove the completeness of GCNF’, we will also need the 
following normal form lemma. 


Lemma 4.2.2 Every proof in G’ for a sequent of the form $C_1, \ldots, C_m \to$, 
where each $C_i$ is a clause, is equivalent to a G’-proof in which all instances of 
the $\neg$ : left rule precede all instances of the $\vee$ : left rule, in the sense that on 
every path from a leaf to the root, all $\neg$ : left rules precede all $\vee$ : left rules. 


Proof: First, observe that every proof tree in G’ of the form 

Subtree of type (1) 

$$\frac{\dfrac{\begin{matrix} T_1 \\ \Gamma, A \to P \end{matrix} \qquad \begin{matrix} T_2 \\ \Gamma, B \to P \end{matrix}}{\Gamma, (A \vee B) \to P}}{\Gamma, (A \vee B), \neg P \to}$$

can be transformed to a proof tree of the same depth of the form 

Subtree of type (2) 

$$\frac{\dfrac{\begin{matrix} T_1 \\ \Gamma, A \to P \end{matrix}}{\Gamma, A, \neg P \to} \qquad \dfrac{\begin{matrix} T_2 \\ \Gamma, B \to P \end{matrix}}{\Gamma, B, \neg P \to}}{\Gamma, (A \vee B), \neg P \to}$$

Next, we prove the lemma by induction on proof trees. Let T be a proof 
tree. If T is a one-node tree, it is an axiom and the lemma holds trivially. 
Otherwise, either the inference applied at the root is the $\vee$ : left rule, or it 
is the $\neg$ : left rule. If it is the $\vee$ : left rule, T has two subtrees $T_1$ and $T_2$ 
with roots $S_1$ and $S_2$, and by the induction hypothesis, there are proof trees $T_1'$ 
and $T_2'$ with roots $S_1$ and $S_2$ satisfying the conditions of the lemma. The tree 
obtained from T by replacing $T_1$ by $T_1'$ and $T_2$ by $T_2'$ satisfies the conditions 
of the lemma. Otherwise, the inference applied at the root of T is the $\neg$ : left 
rule. Let $T_1$ be the subtree of T having $\Gamma, (A \vee B) \to P$ as its root. If $T_1$ is 
an axiom, the lemma holds trivially. If the rule applied at the root of $T_1$ is 
a $\neg$ : left rule, by the induction hypothesis, there is a tree $T_1'$ with the same 
depth as $T_1$ satisfying the condition of the lemma. If $T_1'$ contains only $\neg$ : left 
rules, the lemma holds since for some letter Q, both Q and $\neg Q$ must belong 
to $\Gamma, (A \vee B), \neg P \to$. Otherwise, the tree $T'$ obtained by replacing $T_1$ by $T_1'$ 
in T is a tree of type (1), and $depth(T') = depth(T)$. By the remark at 
the beginning of the proof, this tree can be replaced by a tree of type (2) 
having the same depth as $T'$ (and T). We conclude by applying the induction 
hypothesis to the two subtrees of $T'$. Finally, if the rule applied at the root 
of the subtree $T_1$ is a $\vee$ : left rule, T is a tree of type (1). We conclude as in 
the previous case. 


4.2.3 Completeness of the System GCNF’ 


Having this normal form, we can prove the completeness of GCNF’. 

Theorem 4.2.1 (Completeness of GCNF’). If a sequent 

$$C_1, \ldots, C_m \to$$

is valid, then it is provable in GCNF’. Equivalently, if 

$$C_1 \wedge \ldots \wedge C_m$$

is unsatisfiable, the sequent 

$$C_1, \ldots, C_m \to$$

is provable in GCNF’. Furthermore, every nontrivial valid sequent has a 
proof in GCNF’ in which the axioms are of the form $P, \neg P \to$. 


Proof: Since ∨ is associative, commutative and idempotent, a clause
{L1, ..., Lk} is equivalent to the formula

    (((...(L1 ∨ L2) ∨ ...) ∨ Lk−1) ∨ Lk).

By the completeness of G' (theorem 3.4.1), the sequent C1, ..., Cm → has a
proof in which the ∨ : left rules are instances of the rule of definition 4.2.3.
From lemma 4.2.2, the sequent C1, ..., Cm → has a G'-proof in which all the
¬ : left rules precede all the ∨ : left rules. We prove that every nontrivial
valid sequent C1, ..., Cm → has a proof in GCNF' by induction on proof trees
in G'.

Let T be a G'-proof of C1, ..., Cm → in G'. Since it is assumed that
C1, ..., Cm → is nontrivial, some Ci, say C1, is of the form (A ∨ B), and the
bottom inference must be the ∨ : left rule. So, T is of the form

             T1                      T2
     A, C2, ..., Cm →         B, C2, ..., Cm →
     -----------------------------------------
            (A ∨ B), C2, ..., Cm →

If both T1 and T2 only contain applications of the ¬ : left rule, A must
be a literal and some Ci is its conjugate, since otherwise, C2, ..., Cm would be
trivial. Assume that Ci is the conjugate of A. Similarly, B is a literal, and
some Cj is its conjugate.
Then, we have the following proof in GCNF':

        A, Ā →            B, B̄ →
     ------------------------------
        (A ∨ B), C2, ..., Cm →

In this proof, Γ1 = {Ā} = Ci, and Γ2 = {B̄} = Cj.

Otherwise, either A, C2, ..., Cm or B, C2, ..., Cm is nontrivial. If both
are nontrivial, by the induction hypothesis, they have proofs S1 and S2 in
GCNF', and by one more application of the ∨ : left rule, we obtain the
following proof in GCNF':

             S1                      S2
     A, C2, ..., Cm →         B, C2, ..., Cm →
     -----------------------------------------
            (A ∨ B), C2, ..., Cm →

If A, C2, ..., Cm is trivial, then A must be a literal and some Ci is its
conjugate, since otherwise, C1, ..., Cm would be trivial. Assume that Ci = Ā.
Since B, C2, ..., Cm is nontrivial, by the induction hypothesis it has a proof S2
in GCNF'. Then, the following is a proof of C1, ..., Cm → in GCNF':

                                  S2
        A, Ā →            B, C2, ..., Cm →
     -------------------------------------
            (A ∨ B), C2, ..., Cm →

The case in which A, C2, ..., Cm is nontrivial and B, C2, ..., Cm is trivial
is symmetric. This concludes the proof of the theorem.
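The construction in the proof of Theorem 4.2.1 is directly executable: split one non-unit clause into its two premises until every branch ends in a trivial sequent. The following Python is an added example, not code from the book; it follows that induction and, when a branch cannot reach an axiom, returns the unit literals of the failing leaf as a satisfying valuation (the direction asked for in problem 4.2.3). The literal encoding ('~P' for ¬P), the choice of the largest literal as B, and the dict representation of proof trees are this example's own assumptions.

```python
"""GCNF' proof search following the completeness proof of Theorem 4.2.1.

Added example, not code from the book.  Literals are strings: 'P' for a
propositional letter and '~P' for its negation.  A clause is a frozenset of
literals, and a sequent C1, ..., Cm -> is a list of clauses.  A non-unit
clause C = (A v B) (B a literal, A the remaining literals) is split into the
premises A, Gamma -> and B, Gamma ->, exactly as in the proof, and a branch
stops at a trivial sequent (one containing both L and ~L as unit clauses).
"""
from typing import Union

Clause = frozenset


def neg(lit: str) -> str:
    """Conjugate of a literal: P <-> ~P."""
    return lit[1:] if lit.startswith("~") else "~" + lit


def is_trivial(gamma: list) -> bool:
    """Gamma -> is trivial (a GCNF' axiom of the form P, ~P ->) when Gamma
    contains unit clauses {L} and {~L} for some literal L."""
    units = {next(iter(c)) for c in gamma if len(c) == 1}
    return any(neg(u) in units for u in units)


def prove(gamma: list) -> Union[dict, set]:
    """Return a proof tree of Gamma -> (nested dicts) when the clauses are
    unsatisfiable, or a satisfying valuation (the set of literals made true)
    when they are not.  Clauses are assumed nonempty."""
    if is_trivial(gamma):
        return {"sequent": gamma, "axiom": True}
    split = next((i for i, c in enumerate(gamma) if len(c) > 1), None)
    if split is None:
        # Only unit clauses and no conjugate pair: the sequent is not valid.
        # Making every unit literal true satisfies Gamma, and each premise
        # A, Gamma' -> or B, Gamma' -> is satisfied whenever its conclusion's
        # clauses are, so the same valuation satisfies the original set.
        return {next(iter(c)) for c in gamma}
    c = gamma[split]
    rest = gamma[:split] + gamma[split + 1:]
    b = max(c)                            # literal split off as B (assumed choice)
    a = c - {b}                           # A = C with B removed
    left = prove(rest + [a])              # premise A, Gamma' ->
    if isinstance(left, set):
        return left
    right = prove(rest + [Clause([b])])   # premise B, Gamma' ->
    if isinstance(right, set):
        return right
    return {"sequent": gamma, "left": left, "right": right}


def count_axioms(tree: dict) -> int:
    """Number of leaves (axioms) of a proof tree returned by prove()."""
    if tree.get("axiom"):
        return 1
    return count_axioms(tree["left"]) + count_axioms(tree["right"])


def satisfies(valuation: set, clauses) -> bool:
    """True when every clause contains a literal made true by the valuation."""
    return all(any(lit in valuation for lit in c) for c in clauses)


def fmt(gamma: list) -> str:
    """Render a sequent in the book's notation, e.g. '{A,B}, ~A, ~B ->'."""
    parts = []
    for c in gamma:
        lits = ",".join(sorted(c))
        parts.append(lits if len(c) == 1 else "{" + lits + "}")
    return ", ".join(parts) + " ->"


def show(tree: dict, depth: int = 0) -> None:
    """Print the proof tree, conclusion first, premises indented below it."""
    tag = "   [axiom]" if tree.get("axiom") else ""
    print("  " * depth + fmt(tree["sequent"]) + tag)
    if not tree.get("axiom"):
        show(tree["left"], depth + 1)
        show(tree["right"], depth + 1)


# Constructed inputs: the sets of clauses of problems 4.2.1 and 4.2.3(a).
PROBLEM_4_2_1 = [Clause({"A", "B", "~C"}), Clause({"A", "B", "C"}),
                 Clause({"A", "~B"}), Clause({"~A"})]
PROBLEM_4_2_3A = [Clause({"A", "B"}), Clause({"~A", "~B"}), Clause({"~A", "B"})]

if __name__ == "__main__":
    tree = prove(PROBLEM_4_2_1)
    show(tree)
    print("axioms:", count_axioms(tree))
    print("4.2.3(a) is satisfied by", sorted(prove(PROBLEM_4_2_3A)))
```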


The completeness of the system GCNF' has been established by showing
that it can simulate the system G'. However, the system GCNF' is implicitly
more nondeterministic than the system G'. This is because for a given sequent
of the form

    Γ, (A1 ∨ B), ..., (Am ∨ B) →,

one has the choice to pick the number of propositions (A1 ∨ B), ..., (Am ∨ B),
and to pick the subsets Γ1, Γ2 and C1, ..., Cn. A consequence of this
nondeterminism is that smaller proofs can be obtained, but that the process
of finding proofs is not easier in GCNF' than it is in G'.


PROBLEMS

4.2.1. Show that the set of clauses

    {{A, B, ¬C}, {A, B, C}, {A, ¬B}, {¬A}}

is unsatisfiable.

4.2.2. Show that the following sets of clauses are unsatisfiable:

    (a) {{A, ¬B, C}, {B, C}, {¬A, C}, {B, ¬C}, {¬B}}

    (b) {{A, ¬B}, {A, C}, {¬B, C}, {¬A, B}, {B, ¬C}, {¬A, ¬C}}

4.2.3. Which of the following sets of clauses are satisfiable? Give satisfying
valuations for those that are satisfiable, and otherwise, give a proof
tree in GCNF':

    (a) {{A, B}, {¬A, ¬B}, {¬A, B}}
    (b) {{¬A}, {A, ¬B}, {B}}
    (c) {{A, B}, □}

4.2.4. Consider the following algorithm for converting a proposition A into
a proposition B in conjunctive normal form, such that A is satisfiable
if and only if B is satisfiable. First, express A in terms of the
connectives ∨, ∧ and ¬. Then, let A1, ..., An be all the subformulae of
A, with An = A. Let P1, ..., Pn be distinct propositional letters. The
proposition B is the conjunction of Pn with the conjunctive normal
forms of the following propositions:

    ((Pi ∨ Pj) ≡ Pk)  whenever Ak is (Ai ∨ Aj)

    ((Pi ∧ Pj) ≡ Pk)  whenever Ak is (Ai ∧ Aj)

    (¬Pi ≡ Pk)  whenever Ak is ¬Ai.

(a) Prove that A is satisfiable if and only if B is satisfiable, by showing
how to obtain a valuation satisfying B from a valuation satisfying A
and vice versa.

(b) Prove that the above algorithm runs in polynomial time in the
length of the proposition A.

Hint: Use problem 3.2.4.

4.2.5. Prove that the system GCNF' is still complete if we require all leaf
nodes of a proof tree to contain only literals.

4.2.6. Design a new system GDNF' with a single inference rule ∧ : right,
for sequents of the form

    → D1, ..., Dn,

where D1 ∨ ... ∨ Dn is in disjunctive normal form. Prove the
completeness of such a system.

4.2.7. Prove that the system GCNF' is complete for infinite sets of clauses.

4.2.8. Write a computer program for testing whether a set of clauses is
unsatisfiable, using the system GCNF'.
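Problem 4.2.4 describes the standard satisfiability-preserving encoding (usually called the Tseitin transformation) that SAT-based verification tools rely on to avoid the exponential blow-up of a direct conversion to CNF. The following Python is an added example, not the book's code: it implements the algorithm of the problem with a formula representation and fresh letter names p1, p2, ... chosen here, and checks equisatisfiability by brute force on small constructed inputs.

```python
"""Satisfiability-preserving CNF conversion of problem 4.2.4.

Added example, not from the book.  A proposition over v, ^ and ~ is a
nested tuple: ('var', 'A'), ('not', X), ('or', X, Y) or ('and', X, Y).
Every subformula A_k receives a fresh letter 'p<k>' (an assumed naming
scheme, numbered in the order subformulas are first visited), and B is the
unit clause P_n together with the CNF of the equivalences of the problem.
Literals in clauses are strings, with '~' marking negation.
"""
from itertools import product

Clause = frozenset


def to_cnf(formula):
    """Return (clauses, root_letter, letter_of): clauses is the CNF B,
    root_letter is P_n (the letter standing for A itself), and letter_of maps
    each subformula to its letter."""
    letter_of = {}
    clauses = []

    def visit(f):                       # post-order, so subformulas come first
        if f in letter_of:
            return letter_of[f]         # repeated subformula: reuse its letter
        parts = [] if f[0] == "var" else [visit(g) for g in f[1:]]
        pk = letter_of[f] = "p%d" % (len(letter_of) + 1)
        if f[0] == "or":                # CNF of ((Pi v Pj) == Pk)
            pi, pj = parts
            clauses.extend([Clause({"~" + pi, pk}), Clause({"~" + pj, pk}),
                            Clause({"~" + pk, pi, pj})])
        elif f[0] == "and":             # CNF of ((Pi ^ Pj) == Pk)
            pi, pj = parts
            clauses.extend([Clause({"~" + pk, pi}), Clause({"~" + pk, pj}),
                            Clause({"~" + pi, "~" + pj, pk})])
        elif f[0] == "not":             # CNF of (~Pi == Pk)
            (pi,) = parts
            clauses.extend([Clause({pi, pk}), Clause({"~" + pi, "~" + pk})])
        return pk

    root = visit(formula)
    clauses.append(Clause({root}))      # the conjunct P_n
    return clauses, root, letter_of


def evaluate(f, v):
    """Truth value of a proposition under a valuation v (letter -> bool)."""
    if f[0] == "var":
        return v[f[1]]
    if f[0] == "not":
        return not evaluate(f[1], v)
    if f[0] == "or":
        return evaluate(f[1], v) or evaluate(f[2], v)
    return evaluate(f[1], v) and evaluate(f[2], v)


def letters(f):
    """Propositional letters occurring in a proposition."""
    return {f[1]} if f[0] == "var" else set().union(*(letters(g) for g in f[1:]))


def holds(lit, v):
    return not v[lit[1:]] if lit.startswith("~") else v[lit]


def satisfiable_formula(f):
    """Brute-force truth table: a valuation satisfying A, or None."""
    names = sorted(letters(f))
    for bits in product([False, True], repeat=len(names)):
        v = dict(zip(names, bits))
        if evaluate(f, v):
            return v
    return None


def satisfiable_cnf(clauses):
    """Brute-force truth table: a valuation satisfying every clause, or None."""
    names = sorted({lit.lstrip("~") for c in clauses for lit in c})
    for bits in product([False, True], repeat=len(names)):
        v = dict(zip(names, bits))
        if all(any(holds(lit, v) for lit in c) for c in clauses):
            return v
    return None


def model_of_A(v_b, letter_of):
    """Part (a), one direction: read a valuation of A off a valuation of B by
    giving each letter of A the value of the fresh letter of that atom."""
    return {f[1]: v_b[p] for f, p in letter_of.items() if f[0] == "var"}


# Constructed inputs: ~((A ^ B) v ~C), which is satisfiable, and A ^ ~A.
SAT_FORMULA = ("not", ("or", ("and", ("var", "A"), ("var", "B")),
                       ("not", ("var", "C"))))
UNSAT_FORMULA = ("and", ("var", "A"), ("not", ("var", "A")))

if __name__ == "__main__":
    clauses, root, letter_of = to_cnf(SAT_FORMULA)
    print(len(clauses), "clauses, root letter", root)
    v_b = satisfiable_cnf(clauses)
    print("valuation of A recovered from B:", model_of_A(v_b, letter_of))
    print("A ^ ~A encodes to a satisfiable CNF:",
          satisfiable_cnf(to_cnf(UNSAT_FORMULA)[0]) is not None)
```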
4.3 The Resolution Method for Propositional Logic

We will now present the resolution method, and show how a proof in the
system GCNF' can be transformed into a proof by resolution (and vice versa).
In the resolution method, it is convenient to introduce a notation for the clause
{⊥} consisting of the constant false (⊥). This clause is denoted by □ and is
called the empty clause. Then, one attempts to establish the unsatisfiability
of a set {C1, ..., Cm} of clauses by constructing a kind of tree whose root is
the empty clause. Such trees usually contain copies of identical subtrees, and
the resolution method represents them as collapsed trees. Technically, they
are represented by directed acyclic graphs (DAGs).

Proof trees in GCNF' can also be represented as DAGs and in this way,
more concise proofs can be obtained. We could describe the algorithms for
converting a proof in GCNF' into a proof by resolution and vice versa in
terms of DAGs, but this is not as clear and simple for the system GCNF'
using DAGs as it is for the standard system GCNF' using trees. Hence, for
clarity and simplicity, we shall present our results in terms of proof trees and
resolution DAGs. Some remarks on proof DAGs will be made at the end of
this section.


4.3.1 Resolution DAGs

For our purposes, it is convenient to define DAGs as pairs (t, R) where t is a
tree and R is an equivalence relation on the set of tree addresses of t satisfying
certain conditions. Roughly speaking, R specifies how common subtrees are
shared (collapsed into the same DAG).

EXAMPLE 4.3.1

             f
           /   \
          h     f
              /   \
             f     f
            / \   / \
           b   b b   b

The above tree t contains two copies of the subtree

             f
            / \
           b   b

which itself contains two copies of the one-node subtree b.
If we define the equivalence relation R on the domain
dom(t) = {ε, 1, 2, 21, 22, 211, 212, 221, 222} as the least equivalence relation
containing the set of pairs

    {(21, 22), (211, 221), (212, 222), (211, 212)},

the equivalence classes modulo R are the nodes of a graph representing the
tree t as a collapsed tree. This graph can be represented as follows:

EXAMPLE 4.3.2

             f
           /   \
          h     f
               / \
               \ /
                f
               / \
               \ /
                b

(The two edges leaving each lower f node are the shared subtrees collapsed
into one node.)

The equivalence relation R is such that two equivalent tree addresses
must be the roots of identical subtrees. If two addresses u, v are equiva-
lent, then they must be independent (as defined in Subsection 2.2.2), so
that there are no cycles in the graph.

The formal definition of a DAG is as follows.

Definition 4.3.1 A directed acyclic graph (for short, a DAG) is a pair (t, R),
where t is a tree labeled with symbols from some alphabet A, and R is an
equivalence relation on dom(t) satisfying the following conditions:

For any pair of tree addresses u, v ∈ dom(t), if (u, v) ∈ R, then either
u = v or u and v are independent (as defined in Subsection 2.2.2) and, for all
i > 0, we have:

(1) ui ∈ dom(t) iff vi ∈ dom(t);
(2) If ui ∈ dom(t), then (ui, vi) ∈ R;
(3) t(u) = t(v).

The tree t is called the underlying tree of the DAG. The equivalence
classes modulo R are called the nodes of the DAG. Given any two equivalence
classes S and T, an edge from S to T is any pair ([u], [ui]) of equivalence classes
of tree addresses modulo R, such that u ∈ S, and ui ∈ T. By conditions (1)–
(3), the definition of an edge makes sense.

The concepts of root, descendant, ancestor, and path are also well defined
for DAGs: They are defined on the underlying tree.
This definition only allows connected rooted DAGs, but this is enough
for our purpose. Indeed, DAGs arising in the resolution method are sets of
DAGs as defined above.
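As an added example (not from the book), the following Python encodes Definition 4.3.1: it builds the least equivalence relation containing a given set of pairs, checks independence and conditions (1) to (3) on the tree of Example 4.3.1, and reads off the nodes and edges of the collapsed graph of Example 4.3.2. The dict encoding of trees and the digit-string tree addresses are assumptions of this example.

```python
"""Checker for Definition 4.3.1 (a DAG as a tree plus an equivalence relation).

Added example, not from the book.  A tree t is a dict from tree addresses
(strings of digits, '' for the root address epsilon; at most 9 children per
node are assumed) to labels.  The least equivalence relation R containing a
set of pairs is built with union-find, and for every equivalent pair u != v
the checker tests independence (neither address is a prefix of the other),
(1) ui in dom(t) iff vi in dom(t), (2) (ui, vi) in R, and (3) t(u) = t(v).
"""


def closure(dom, pairs):
    """Least equivalence relation on dom containing pairs, returned as a dict
    mapping each address to a canonical representative of its class."""
    parent = {u: u for u in dom}

    def find(u):
        while parent[u] != u:
            parent[u] = parent[parent[u]]     # path halving
            u = parent[u]
        return u

    for u, v in pairs:
        parent[find(u)] = find(v)
    return {u: find(u) for u in dom}


def children(t, u):
    """Child addresses u1, u2, ... of u that are present in dom(t)."""
    out, i = [], 1
    while u + str(i) in t:
        out.append(u + str(i))
        i += 1
    return out


def check_dag(t, pairs):
    """Return (violations, rep): violations lists the conditions of
    Definition 4.3.1 broken by R (empty when (t, R) is a DAG), rep is the
    class map computed by closure()."""
    rep = closure(t.keys(), pairs)
    violations = []
    for u in t:
        for v in t:
            if u >= v or rep[u] != rep[v]:
                continue                  # each distinct equivalent pair once
            if u.startswith(v) or v.startswith(u):
                violations.append(("not independent", u, v))
            if t[u] != t[v]:
                violations.append(("(3) labels differ", u, v))
            cu, cv = children(t, u), children(t, v)
            if len(cu) != len(cv):
                violations.append(("(1) different number of children", u, v))
            for ui, vi in zip(cu, cv):
                if rep[ui] != rep[vi]:
                    violations.append(("(2) children not equivalent", ui, vi))
    return violations, rep


def collapsed_graph(t, rep):
    """Nodes ([u] with its label) and edges ([u], [ui]) of the DAG (t, R)."""
    nodes = {rep[u]: t[u] for u in t}
    edges = {(rep[u], rep[c]) for u in t for c in children(t, u)}
    return nodes, edges


# Constructed input: the tree of Example 4.3.1 and the pairs of Example 4.3.2.
T_4_3_1 = {"": "f", "1": "h", "2": "f", "21": "f", "22": "f",
           "211": "b", "212": "b", "221": "b", "222": "b"}
PAIRS_4_3_1 = {("21", "22"), ("211", "221"), ("212", "222"), ("211", "212")}

if __name__ == "__main__":
    bad, rep = check_dag(T_4_3_1, PAIRS_4_3_1)
    nodes, edges = collapsed_graph(T_4_3_1, rep)
    print("violations:", bad)             # none: (t, R) is a DAG
    print("nodes:", nodes)                 # five classes labeled f, h, f, f, b
    print("edges:", sorted(edges))
    # Relating the root to address 2 would create a cycle: not independent.
    print(check_dag(T_4_3_1, PAIRS_4_3_1 | {("", "2")})[0])
```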


We now describe the resolution method. 


4.3.2 Definition of the Resolution Method for Propositional Logic


The resolution method rests on the fact that the proposition

    ((A ∨ P) ∧ (B ∨ ¬P)) ≡ ((A ∨ P) ∧ (B ∨ ¬P) ∧ (A ∨ B))        (*)

is a tautology. Indeed, since the above is a tautology, the set of clauses

    {C1, ..., Cm, {A, P}, {B, ¬P}}

is logically equivalent to the set

    {C1, ..., Cm, {A, P}, {B, ¬P}, {A, B}}

obtained by adding the clause {A, B}. Consequently, the set

    {C1, ..., Cm, {A, P}, {B, ¬P}}

is unsatisfiable if and only if the set

    {C1, ..., Cm, {A, P}, {B, ¬P}, {A, B}}

is unsatisfiable.

The clause {A, B} is a resolvent of the clauses {A, P} and {B, ¬P}. The
resolvent of the clauses {P} and {¬P} is the empty clause □. The process of
adding a resolvent of two clauses from a set S to S is called a resolution step.
The resolution method attempts to build a sequence of sets of clauses obtained
by successive resolution steps, and ending with a set containing the empty
clause. When this happens, we know that the original set of clauses is
unsatisfiable, since resolution steps preserve unsatisfiability, and a set of
clauses containing the empty clause is obviously unsatisfiable.

There are several ways of recording the resolution steps. A convenient
and space-efficient way to do so is to represent a sequence of resolution steps
as a DAG. First, we show that the proposition (*) defined above is a tautology.

Lemma 4.3.1 The proposition

    ((A ∨ P) ∧ (B ∨ ¬P)) ≡ ((A ∨ P) ∧ (B ∨ ¬P) ∧ (A ∨ B))

is a tautology, even when either A or B is empty. (When A is empty, (A ∨ P)
reduces to P and (A ∨ B) to B, and similarly when B is empty. When both
A and B are empty, we have the tautology (P ∧ ¬P) ≡ (P ∧ ¬P).)


Proof: We prove that

    ((A ∨ P) ∧ (B ∨ ¬P)) ⊃ ((A ∨ P) ∧ (B ∨ ¬P) ∧ (A ∨ B))

is valid and that

    ((A ∨ P) ∧ (B ∨ ¬P) ∧ (A ∨ B)) ⊃ ((A ∨ P) ∧ (B ∨ ¬P))

is valid. The validity of the second proposition is immediate. For the first
one, it is sufficient to show that

    ((A ∨ P) ∧ (B ∨ ¬P)) ⊃ (A ∨ B)

is valid. We have the following proof tree (in G'):

                                        P → P, A, B
                                        -----------
                     P, B → A, B        P, ¬P → A, B
                     -------------------------------
    A, (B ∨ ¬P) → A, B             P, (B ∨ ¬P) → A, B
    ------------------------------------------------
              (A ∨ P), (B ∨ ¬P) → A, B
              ------------------------
              (A ∨ P), (B ∨ ¬P) → (A ∨ B)
              ---------------------------
              (A ∨ P) ∧ (B ∨ ¬P) → (A ∨ B)
              ---------------------------
            → ((A ∨ P) ∧ (B ∨ ¬P)) ⊃ (A ∨ B)

Definition 4.3.2 Given two clauses C1 and C2, a clause C is a resolvent of
C1 and C2 iff, for some literal L, L ∈ C1, L̄ ∈ C2, and

    C = (C1 − {L}) ∪ (C2 − {L̄}).

In other words, a resolvent of two clauses is any clause obtained by strik-
ing out a literal and its conjugate, one from each, and merging the remaining
literals into a single clause.

EXAMPLE 4.3.3

The clauses {A, B} and {¬A, ¬B} have the two resolvents {A, ¬A} and
{B, ¬B}. The clauses {P} and {¬P} have the empty clause as their
resolvent.
Observe that by lemma 4.3.1, any set S of clauses is logically equivalent
to the set S ∪ {C} obtained by adding any resolvent C of clauses in S. However,
it is not true that the set

    (S ∪ {C}) − {C1, C2}

obtained by adding a resolvent of two clauses C1 and C2, and deleting C1 and
C2 from S is equivalent to S. If S = {{P, Q}, {¬Q}}, then {P} is a resolvent
of {P, Q} and {¬Q}, but S is not equivalent to {{P}}. Indeed, the valuation
v which satisfies both P and Q satisfies {{P}} but does not satisfy S since it
does not satisfy {¬Q}.

We now define resolution DAGs. We believe that it is more appropri-
ate to call resolution DAGs having the empty clause at their root resolution
refutations rather than resolution proofs, since they are used to show the
unsatisfiability of a set of clauses.

Definition 4.3.3 Given a set S = {C1, ..., Cn} of clauses, a resolution DAG
for S is any finite set

    D = {(t1, R1), ..., (tm, Rm)}

of distinct DAGs labeled with clauses and such that:

(1) The leaf nodes of each underlying tree ti are labeled with clauses in
S.

(2) For every DAG (ti, Ri), for every non-leaf node u in ti, u has exactly
two successors u1 and u2, and if u1 is labeled with a clause C1 and u2 is
labeled with a clause C2 (not necessarily distinct from C1), then u is labeled
with a resolvent of C1 and C2.

A resolution DAG is a resolution refutation iff it consists of a single
DAG (t, R) whose root is labeled with the empty clause. The nodes of a DAG
which are not leaves are also called resolution steps.


EXAMPLE 4.3.4

    {P, Q}   {P, ¬Q}      {P, Q}   {¬P, Q}
        \     /               \     /
         {P}                   {Q}       {¬P, ¬Q}
           \                      \      /
            \                      {¬P}
             \                    /
                       □

(The two occurrences of {P, Q} denote the same shared node: it is a
descendant of both {P} and {Q}.)

The DAG of example 4.3.4 is a resolution refutation.
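The following Python is an added example, not the book's code. It computes resolvents (Definition 4.3.2), finds a resolution refutation for the clauses of Example 4.3.4 by saturating R(S) as in problem 4.3.9 while recording the pair each clause was resolved from (so a shared clause such as {P, Q} is one node, as in a DAG), verifies the result against Definition 4.3.3, and checks by truth table the equivalence remark preceding that definition. Literal strings with '~' for negation are this example's convention.

```python
"""Resolution refutations as DAGs (Definitions 4.3.2 and 4.3.3), found by
saturation, plus the equivalence remark on (S u {C}) - {C1, C2}.

Added example, not from the book.  Clauses are frozensets of literal strings
('P', '~P'); the empty clause (box) is frozenset().  refute() computes the
sets R(S), R(R(S)), ... of problem 4.3.9 and records for every new clause the
pair it was first resolved from; the derivation ending in the empty clause
is then a resolution refutation whose leaves are clauses of S and whose
other nodes are resolvents of their two successors, possibly shared.
"""
from itertools import product

Clause = frozenset
BOX = Clause()


def neg(lit):
    """Conjugate of a literal: P <-> ~P."""
    return lit[1:] if lit.startswith("~") else "~" + lit


def resolvents(c1, c2):
    """All resolvents of c1 and c2: strike a literal L from c1 and its
    conjugate from c2, then merge what remains (Definition 4.3.2)."""
    return {(c1 - {lit}) | (c2 - {neg(lit)}) for lit in c1 if neg(lit) in c2}


def refutation_dag(parents):
    """The sub-DAG of the derivation that ends in BOX, as a parent map
    (clause -> (C1, C2) for resolution steps, clause -> None for leaves)."""
    dag, todo = {}, [BOX]
    while todo:
        c = todo.pop()
        if c in dag:
            continue                  # shared node, already collected
        dag[c] = parents[c]
        if parents[c] is not None:
            todo.extend(parents[c])
    return dag


def refute(clauses):
    """Saturate S: R^0(S) = S, R^{n+1}(S) = R(R^n(S)).  Returns the
    refutation DAG ending in BOX, or None once a fixpoint R^{n+1}(S) = R^n(S)
    is reached without BOX (then S is satisfiable, by Theorem 4.3.2)."""
    parents = {Clause(c): None for c in clauses}
    while BOX not in parents:
        known = list(parents)
        new = {}
        for c1 in known:
            for c2 in known:
                for r in resolvents(c1, c2):
                    if r not in parents and r not in new:
                        new[r] = (c1, c2)
        if not new:
            return None
        parents.update(new)
    return refutation_dag(parents)


def resolution_steps(dag):
    """Non-leaf nodes of the DAG."""
    return sum(1 for p in dag.values() if p is not None)


def check_refutation(dag, clauses):
    """Definition 4.3.3: leaves are clauses of S, every other node is a
    resolvent of its two successors, and the root is the empty clause."""
    s = {Clause(c) for c in clauses}
    return BOX in dag and all(
        (p is None and c in s) or (p is not None and c in resolvents(*p))
        for c, p in dag.items())


def sat_by(v, clauses):
    """True when valuation v (letter -> bool) satisfies every clause."""
    return all(any(not v[l[1:]] if l.startswith("~") else v[l] for l in c)
               for c in clauses)


def equivalent(s1, s2):
    """Truth-table check that two sets of clauses have the same models."""
    names = sorted({l.lstrip("~") for c in list(s1) + list(s2) for l in c})
    for bits in product([False, True], repeat=len(names)):
        v = dict(zip(names, bits))
        if sat_by(v, s1) != sat_by(v, s2):
            return False
    return True


# Constructed inputs: the clauses of Example 4.3.4 and the set S of the remark.
EXAMPLE_4_3_4 = [Clause({"P", "Q"}), Clause({"P", "~Q"}),
                 Clause({"~P", "Q"}), Clause({"~P", "~Q"})]
S_REMARK = [Clause({"P", "Q"}), Clause({"~Q"})]

if __name__ == "__main__":
    dag = refute(EXAMPLE_4_3_4)
    for c, p in dag.items():
        print(sorted(c) or "box", "<-", p and [sorted(x) for x in p])
    print("resolution steps:", resolution_steps(dag))
    print("S_REMARK refutable:", refute(S_REMARK) is not None)
    print("S == S u {{P}}:", equivalent(S_REMARK, S_REMARK + [Clause({"P"})]))
    print("S == {{P}}:", equivalent(S_REMARK, [Clause({"P"})]))
```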
4.3.3 Soundness of the Resolution Method

The soundness of the resolution method is given by the following lemma.

Lemma 4.3.2 If a set S of clauses has a resolution refutation DAG, then S
is unsatisfiable.

Proof: Let (t1, R1) be a resolution refutation for S. The set S' of clauses
labeling the leaves of t1 is a subset of S.

First, we prove by induction on the number of nodes in a DAG (t, R)
that the set of clauses S' labeling the leaves of t is equivalent to the set of
clauses labeling all nodes in t.

If t has one node, the property holds trivially. If t has more than one
node, let l and r be the left subtree and right subtree of t respectively. By the
induction hypothesis, the set S1 of clauses labeling the nodes of l is equivalent
to the set L1 of clauses labeling the leaves of l, and the set S2 of clauses labeling
the nodes of r is equivalent to the set L2 of clauses labeling the leaves of r.
Let C1 and C2 be the clauses labeling the roots of l and r respectively. By
definition 4.3.3, the root of t is a resolvent R of C1 and C2. By lemma 4.3.1,
the set S1 ∪ S2 is equivalent to the set S1 ∪ S2 ∪ {R}. But then, S1 ∪ S2 ∪ {R}
is equivalent to S' = L1 ∪ L2, since S1 ∪ S2 is equivalent to L1 ∪ L2. This
concludes the induction proof.

Applying the above property to t1, S' is equivalent to the set of clauses
labeling all nodes in t1. Since the resolvent □ labeling the root of t1 is the
empty clause, the set S' of clauses labeling the leaves of t1 is unsatisfiable,
which implies that S is unsatisfiable since S' is a subset of S.

4.3.4 Converting GCNF'-proofs into Resolution Refutations and Completeness

The completeness of the resolution method is proved by showing how to trans-
form a proof in the system GCNF' into a resolution refutation.

Theorem 4.3.1 There is an algorithm for constructing a resolution refuta-
tion D from a proof tree T in the system GCNF'. Furthermore, the number
of resolution steps in D (nonleaf nodes) is less than or equal to the number
of axioms in T.

Proof: We give a construction and prove its correctness by induction on
proof trees in GCNF'. Let S = {C1, ..., Cm}. If the proof tree of the sequent
C1, ..., Cm → is a one-node tree labeled with an axiom, there must be a literal
L such that some Ci = L and some Cj = L̄. Hence, we have the resolution
refutation consisting of the DAG

    {L}   {L̄}
      \   /
        □

This resolution DAG has one resolution step, so the base step of the
induction holds.

Otherwise, the proof tree is of the form

              T1                       T2
     Γ1, F1, ..., Fk →             Γ2, B →
     --------------------------------------
       Γ, {A1, B}, ..., {An, B} →

where Γ1, Γ2 ⊆ Γ ∪ {{A1, B}, ..., {An, B}}, {F1, ..., Fk} = {A1, ..., An}, and
Γ ∪ {{A1, B}, ..., {An, B}} = S. By the induction hypothesis, there is a resolution
refutation D1 obtained from the tree T1 with root Γ1, F1, ..., Fk →, and a
resolution refutation D2 obtained from the tree T2 with root Γ2, B →. The
leaves of D1 are labeled with clauses in Γ1 ∪ {F1, ..., Fk}, and the leaves of D2
are labeled with clauses in Γ2 ∪ {B}. Let {F1', ..., Fj'} be the subset of clauses
in {F1, ..., Fk} that label leaves of D1.

If {F1', ..., Fj'} ⊆ S, then D1 is also a resolution refutation for S. Similarly,
if the set of clauses labeling the leaves of D2 is a subset of S, D2 is a resolution
refutation for S. In both cases, by the induction hypothesis, the number of
resolution steps in D1 (resp. D2) is less than or equal to the number of leaves
of T1 (resp. T2), and so, it is less than the number of leaves of T.

Otherwise, let {F1'', ..., Fl''} ⊆ {F1, ..., Fk} be the set of clauses not in S
labeling the leaves of D1. Also, B ∉ S and B labels some leaf of D2, since oth-
erwise the clauses labeling the leaves of D2 would be in S. Let D1' be the reso-
lution DAG obtained from D1 by replacing F1'', ..., Fl'' by {F1'', B}, ..., {Fl'', B},
and applying the same resolution steps in D1' as the resolution steps applied
in D1. We obtain a resolution DAG that may be a resolution refutation, or
in which the clause B is the label of the root node.

If D1' is a resolution refutation, we are done.

Otherwise, since B ∉ S and D1' is not a resolution refutation, the root
of D1' is labeled with B and no leaf of D1' is labeled with B. By the induction
hypothesis, the number of resolution steps n1 in D1 (and D1') is less than or
equal to the number of axioms in T1, and the number n2 of resolution steps
in D2 is less than or equal to the number of axioms in T2. We construct a
resolution refutation for a subset of Γ, {A1, B}, ..., {An, B} by combining D1'
and D2 as follows: Identify the root labeled with B in D1' with the leaf labeled
with B in D2, and identify all leaf nodes u, v with u ∈ D1' and v ∈ D2, iff u
and v are labeled with the same clause. (Since B ∉ S, B cannot be such a
clause.) The number of resolution steps in D is n1 + n2, which is less than or
equal to the number of axioms in T. This concludes the construction and the
proof.


Theorem 4.3.2 (Completeness of the resolution method) Given a finite set
S of clauses, S is unsatisfiable if and only if there is a resolution refutation
for S.

Proof: By lemma 4.3.2, if S has a resolution refutation, S is unsatisfi-
able. If S is unsatisfiable, then the sequent S → is valid. Since the system
GCNF' is complete (theorem 4.2.1), there is a proof tree T for S →. Finally,
by theorem 4.3.1, a resolution refutation D is obtained from T.


EXAMPLE 4.3.5
Consider the following proof tree in GCNF':

       P, ¬P →      S, ¬S →
       --------------------
     {¬P, ¬S}, P, S →                Q, ¬Q →
     ---------------------------------------
       {P, ¬Q}, {¬P, ¬S}, {S, ¬Q}, Q →

The leaves P, ¬P → and S, ¬S → are mapped into the following DAGs:

         D1                  D2
     {P}   {¬P}          {S}   {¬S}
       \   /               \   /
         □                   □

Let D3 be the DAG obtained from D1 by adding ¬S to {¬P}:

          D3
     {P}   {¬P, ¬S}
       \   /
       {¬S}

We now combine D3 and D2 to obtain D4:

            D4
     {P}   {¬P, ¬S}
       \   /
       {¬S}     {S}
          \     /
            □

The leaf Q, ¬Q → is mapped into the DAG D5:

         D5
     {Q}   {¬Q}
       \   /
         □

Let D6 be the DAG obtained from D4 by adding ¬Q to {P} and {S}:

               D6
     {P, ¬Q}   {¬P, ¬S}
         \      /
         {¬Q, ¬S}     {S, ¬Q}
              \       /
                {¬Q}

Finally, let D7 be obtained by combining D6 and D5:

               D7
     {P, ¬Q}   {¬P, ¬S}
         \      /
         {¬Q, ¬S}     {S, ¬Q}
              \       /
                {¬Q}      {Q}
                   \      /
                      □

The theorem actually provides an algorithm for constructing a resolution
refutation. Since the number of resolution steps in D is less than or equal to
the number of axioms in T, the number of nodes in the DAG D cannot be
substantially larger than the number of nodes in T. In fact, the DAG D has
at most two more nodes than the tree, as shown by the following lemma.

Lemma 4.3.3 If T is a proof tree in GCNF' and T has m nodes, the number
n of nodes in the DAG D given by theorem 4.3.1 is such that r + 1 ≤ n ≤ m + 2,
where r is the number of resolution steps in D.

Proof: Assume that T has k leaves. Since this tree is binary branching,
it has m = 2k − 1 nodes. The number r of resolution steps in D is less than
or equal to the number k of leaves in T. But the number n of nodes in the
DAG is at least r + 1 and at most 2r + 1, since every node has at most two
successors. Hence, n ≤ 2r + 1 ≤ 2k + 1 = m + 2.
In example 4.3.5, the number of resolution steps in the DAG is equal
to the number of leaves in the tree. The following example shows that the
number of resolution steps can be strictly smaller.


EXAMPLE 4.3.6
Consider the following proof tree T:

                      ¬P, P →      ¬Q, Q →
                      --------------------
       ¬R, R →        ¬Q, ¬P, {P, Q} →
       -------------------------------
       ¬R, ¬Q, {R, ¬P}, {P, Q} →                    ¬R, R →
       --------------------------------------------------
                ¬R, ¬Q, {R, ¬P}, {P, Q, R} →

The result of recursively applying the algorithm to T yields the two
DAGs D1 and D2:

         D1                  D2
     {¬P}   {P}          {¬Q}   {Q}
        \   /               \   /
          □                   □

corresponding to the axioms ¬P, P → and ¬Q, Q →. Adding Q to P in
the DAG D1, we obtain the DAG D3:

          D3
     {¬P}   {P, Q}
        \   /
         {Q}

Identifying the root of DAG D3 with the leaf labeled Q of DAG D2, we
obtain the DAG D4, corresponding to the subtree

       ¬P, P →      ¬Q, Q →
       --------------------
       ¬Q, ¬P, {P, Q} →

of T:

            D4
     {¬P}   {P, Q}
        \   /
         {Q}     {¬Q}
           \     /
             □

Adding R to ¬P in D4, we obtain the DAG D5:

             D5
     {R, ¬P}   {P, Q}
          \    /
          {R, Q}     {¬Q}
              \      /
               {R}

The axiom ¬R, R → yields the DAG D6:

         D6
     {¬R}   {R}
        \   /
          □

and merging the root of D5 with the leaf labeled R in D6, we obtain the
DAG D7 corresponding to the left subtree

                      ¬P, P →      ¬Q, Q →
                      --------------------
       ¬R, R →        ¬Q, ¬P, {P, Q} →
       -------------------------------
       ¬R, ¬Q, {R, ¬P}, {P, Q} →

of the original proof tree:

             D7
     {R, ¬P}   {P, Q}
          \    /
          {R, Q}     {¬Q}
              \      /
               {R}      {¬R}
                 \      /
                    □

At this stage, since the right subtree of the proof tree T is the axiom
¬R, R →, we add R to {P, Q} in D7. However, since R is also in
{R, ¬P}, the resulting DAG D8 is a resolution refutation:

               D8
     {R, ¬P}   {P, Q, R}
          \    /
          {R, Q}     {¬Q}
              \      /
               {R}      {¬R}
                 \      /
                    □

The DAG D8 has three resolution steps, and the original proof tree T
has four axioms. This is because the original proof tree is not optimal. If
we had applied the ∨ : left rule to {¬P, R} and {P, Q, R}, we would obtain a
proof tree with three axioms, which yields a DAG with three resolution
steps.


4.3.5 From Resolution Refutations to GCNF'-proofs

We will now prove that every resolution refutation can be transformed into
a proof tree in GCNF'. Unfortunately, contrary to what was claimed in the
original edition of this book, the size of the resulting tree is not necessarily
polynomial in the size of the DAG. This result only holds if the resolution
refutation is a tree.

Theorem 4.3.3 There is an algorithm which transforms any resolution refu-
tation D into a proof tree T in the system GCNF'.


Proof: Let S = {C1, ..., Cm}. We construct the tree and prove the
theorem by induction on the number of resolution steps in D. If D contains
a single resolution step, D is a DAG of the form

     {P}   {¬P}
       \   /
         □

Hence, for some clauses Ci and Cj in the set of clauses {C1, ..., Cm},
Ci = {P} and Cj = {¬P}. Hence, the one-node tree labeled with the axiom
C1, ..., Cm → is a proof tree.

If D has more than one resolution step, it is a DAG (t, R) whose root
is labeled with the empty clause. The descendants n1 and n2 of the root r of
(t, R) are labeled with clauses {P} and {¬P} for some propositional letter P.
There are two cases: Either one of n1, n2 is a leaf, or neither is a leaf.

Case 1: Assume that n1 is a leaf, so that C1 = {P}, the other case being
similar. Let

    {A1, ¬P}, ..., {An, ¬P}

be the terminal nodes of all paths from the node n2, such that every node in
each of these paths contains ¬P. Let D2 be the resolution DAG obtained by
deleting r and n1 (as well as the edges having these nodes as source) and by
deleting ¬P from every node in every path from n2 such that every node in
such a path contains ¬P. The root of D2 is labeled with the empty clause.
By the induction hypothesis, there is a proof tree T2 in GCNF' for
Γ, A1, ..., An →, where

    Γ = {C2, ..., Cm} − {{A1, ¬P}, ..., {An, ¬P}}.

If {A1, ..., An} is a subset of Γ, then the tree obtained from T2 by re-
placing Γ by {C1, ..., Cm} is also a proof tree. By the induction hypothesis
the number of leaves k in T is less than or equal to the number of resolution
steps in D2, which is less than the number of resolution steps in D.

If {A1, ..., An} is not a subset of Γ, then, the following is a proof tree T
in GCNF' for C1, ..., Cm →.

              T2
     Γ, A1, ..., An →         P, ¬P →
     --------------------------------
     P, Γ, {A1, ¬P}, ..., {An, ¬P} →

The number of axioms in T is k − 1 + 1 = k, which is less than or equal to
the number of resolution steps in D. In the special case where Γ, A1, ..., An →
is an axiom, since C1, ..., Cm → is not a trivial sequent (the case of a trivial
sequent being covered by the base case of a DAG with a single resolution
step), there is some proposition in Γ, A1, ..., An which is the conjugate of one
of the Ai. Then, T2 is simply the axiom Ai, Āi →.

Case 2: Neither n1 nor n2 is a leaf. Let

    {A1, P}, ..., {An, P}

be the set of terminal nodes of all paths from the node n1, such that every node
in each of these paths contains P. Let D1 be the resolution DAG consisting
of the descendant nodes of n1 (and n1 itself), and obtained by deleting P
from every node in every path from n1 such that every node in such a path
contains P. The root of D1 is labeled with the empty clause. By the induction
hypothesis, there is a proof tree T1 in GCNF' for Γ1, A1, ..., An →, where Γ1
is some subset of {C1, ..., Cm}. By the induction hypothesis the number of
axioms in T1 is less than or equal to the number m1 of resolution steps in
D1. Similarly, let D2 be the DAG obtained by deleting all descendants of n1
that are not descendants of n2, and deleting all edges having these nodes as
source, including the edges from n1, so that n1 is now a leaf. By the induction
hypothesis, there is a proof tree T2 in GCNF' with root labeled with Γ2, P →,
where Γ2 is some subset of {C1, ..., Cm}.

If {A1, ..., An} is a subset of Γ1, then the tree T1 is also a proof tree
for {C1, ..., Cm}. Similarly, if P belongs to Γ2, the tree T2 is a proof tree for
{C1, ..., Cm}. Otherwise, we have the following proof tree T in GCNF':

              T1                   T2
     Γ1, A1, ..., An →          Γ2, P →
     ----------------------------------
       Γ, {A1, P}, ..., {An, P} →

The special cases in which either Γ1, A1, ..., An → or Γ2, P → is an
axiom are handled as in case 1. The details are left as an exercise. This
completes the proof.


Remark. Although it is tempting to claim that the number of resolution
steps in D is m1 + m2, this is unfortunately false! The problem is that
because a resolution refutation is a DAG, certain nodes can be shared.


EXAMPLE 4.3.7
Let D be the following resolution refutation:

    {P, Q}   {P, ¬Q}      {P, Q}   {¬P, Q}
        \     /               \     /
         {P}                   {Q}       {¬P, ¬Q}
           \                      \      /
            \                      {¬P}
             \                    /
                       □

(the two occurrences of {P, Q} denote the same shared node). Let D1 be
the set of descendants of {P}:

    {P, Q}   {P, ¬Q}
        \     /
         {P}

Let D2 be the resolution refutation obtained by deleting P:

     {Q}   {¬Q}
       \   /
         □

Let D3 be the DAG obtained from D by deleting the descendants of
{P} that are not descendants of {¬P}. Note that since {P, Q} is a
descendant of {¬P}, it is retained. However, {P, ¬Q} is deleted.

    {P}        {P, Q}   {¬P, Q}
      \            \     /
       \            {Q}       {¬P, ¬Q}
        \              \      /
         \              {¬P}
          \            /
               □

Let D4 be the resolution refutation obtained by deleting ¬P from all
paths from {¬P} containing it:

    {P, Q}   {¬P, Q}
        \     /
         {Q}       {¬Q}
            \      /
              □

Let D5 be the set of descendants of {Q}:

    {P, Q}   {¬P, Q}
        \     /
         {Q}

Let D6 be the resolution refutation obtained from D5 by deleting Q:

     {P}   {¬P}
       \   /
         □

The method of theorem 4.3.3 yields the following proof trees: The tree
T1:

     Q, ¬Q →

corresponds to D2;

The tree T2:

     Q, ¬Q →      P, ¬P →
     --------------------
     {P, Q}, {¬P, Q}, ¬Q →

corresponds to D4;

The tree T3:

     Q, ¬Q →      P, ¬P →
     --------------------
     {P, Q}, {¬P, Q}, ¬Q →         P, ¬P →
     ------------------------------------
     P, {P, Q}, {¬P, Q}, {¬P, ¬Q} →

corresponds to D3;

The tree T4:

                    Q, ¬Q →      P, ¬P →
                    --------------------
                    {P, Q}, {¬P, Q}, ¬Q →         P, ¬P →
                    ------------------------------------
     Q, ¬Q →        P, {P, Q}, {¬P, Q}, {¬P, ¬Q} →
     ------------------------------------------------
        {P, Q}, {P, ¬Q}, {¬P, Q}, {¬P, ¬Q} →

corresponds to D. The number of axioms of T4 is four, which is the
number of resolution steps in D. The next example shows that it is
possible that the proof tree constructed from a resolution DAG has fewer
leaves than the number of resolution steps.

EXAMPLE 4.3.8

Consider the following resolution refutation D:

    {P, Q}   {¬P, R}
        \     /
        {Q, R}     {¬Q}
            \      /
             {R}      {¬R, P}
               \      /
                {P}      {¬P}
                  \      /
                     □

Let D1 be the DAG consisting of the descendants of {R}:

    {P, Q}   {¬P, R}
        \     /
        {Q, R}     {¬Q}
            \      /
             {R}

Let D2 be the DAG obtained from D1 by deleting R:

    {P, Q}   {¬P}
        \     /
         {Q}     {¬Q}
           \     /
             □

Note that D2 is a resolution refutation for a subset of the set of clauses

    {{P, Q}, {¬P, R}, {¬Q}, {¬R, P}, {¬P}}.

The construction recursively applied to D2 yields the following proof
tree:

     P, ¬P →      Q, ¬Q →
     --------------------
     {P, Q}, ¬P, ¬Q →

From the above tree, we obtain the following proof tree for the original
set of clauses:

     P, ¬P →      Q, ¬Q →
     ------------------------------------
     {P, Q}, {¬P, R}, ¬Q, {¬R, P}, ¬P →

This last tree has two leaves, whereas the DAG D has four resolution
steps.

When the resolution DAG D is a tree, we still have the following lemma
showing that the Gentzen system GCNF' is basically as efficient as the reso-
lution method.

Lemma 4.3.4 If a resolution refutation D is a tree with m nodes, then the
proof tree T constructed by the method of theorem 4.3.3 has a number of
nodes n such that n ≤ 2m − 3.

Proof: Assume that D has r resolution steps. Since the tree T is binary
branching and has k ≤ r leaves, it has n = 2k − 1 nodes. But the number m
of nodes in the DAG D is such that r + 1 ≤ m ≤ 2r + 1. Hence, n ≤ 2m − 3.

In the proof tree of example 4.3.7, there are two leaves labeled with
P, ¬P →, and two leaves labeled with Q, ¬Q →. Hence, if this tree is
represented as a DAG, it will have five nodes instead of seven. The original
DAG has eight nodes. This suggests that the system GCNF' using DAGs
instead of trees is just as efficient as the resolution method. However, we do
not have a proof of this fact at this time.


PROBLEMS

4.3.1. Show that the set of clauses

    {{A, B, ¬C}, {A, B, C}, {A, ¬B}, {¬A}}

is unsatisfiable using the resolution method.

4.3.2. Show that the following sets of clauses are unsatisfiable using the
resolution method:

    (a) {{A, ¬B, C}, {B, C}, {¬A, C}, {B, ¬C}, {¬B}}

    (b) {{A, ¬B}, {A, C}, {¬B, C}, {¬A, B}, {B, ¬C}, {¬A, ¬C}}

4.3.3. Construct a proof tree in GCNF' for the set of clauses of problem
4.3.1, and convert it into a resolution DAG using the algorithm of
theorem 4.3.1.

4.3.4. Construct proof trees in GCNF' for the sets of clauses of problem
4.3.2, and convert them into resolution DAGs using the algorithm of
theorem 4.3.1.

4.3.5. Convert the resolution DAG for the set of clauses of problem 4.3.1 into
a proof tree using the algorithm of theorem 4.3.3.

4.3.6. Convert the resolution DAGs for the sets of clauses of problem 4.3.2
into proof trees using the algorithm of theorem 4.3.3.

4.3.7. Find all resolvents of the following pairs of clauses:

    (a) {A, B}, {¬A, ¬B}
    (b) {A, ¬B}, {B, C, D}
    (c) {¬A, B, ¬C}, {B, C}
    (d) {A, ¬A}, {A, ¬A}

4.3.8. Construct a resolution refutation for the following set of clauses:

    {{¬P, Q}, {P, Q}, {P, ¬Q}, {¬P, ¬Q}}.

Convert this resolution DAG into a proof tree using the algorithm of
theorem 4.3.3.

4.3.9. Another way of presenting the resolution method is as follows. Given
a (finite) set S of clauses, let

    R(S) = S ∪ {C | C is a resolvent of two clauses in S}.

Also, let

    R^0(S) = S,
    R^{n+1}(S) = R(R^n(S)), n ≥ 0, and let

    R*(S) = ∪_{n≥0} R^n(S).

(a) Prove that S is unsatisfiable if and only if R*(S) is unsatisfiable.

(b) Prove that if S is finite, there is some n ≥ 0 such that

    R*(S) = R^n(S).

(c) Prove that there is a resolution refutation for S if and only if the
empty clause □ is in R*(S).

(d) Prove that S is unsatisfiable if and only if □ belongs to R*(S).

4.3.10. Find R(S) for the following sets of clauses:

    (a) {{A, ¬B}, {A, B}, {¬A}}
    (b) {{A, B, C}, {¬B, ¬C}, {¬A, ¬C}}
    (c) {{¬A, B}, {B, C}, {¬C, A}}
    (d) {{A, B, C}, {A}, {B}}

4.3.11. Prove that the resolution method is still complete if the resolution
rule is restricted to clauses that are not tautologies (that is, clauses
not containing both P and ¬P for some propositional letter P).

4.3.12. We say that a clause C1 subsumes a clause C2 if C1 is a proper subset
of C2. In the version of the resolution method described in problem
4.3.9, let

    R1(S) = R(S) − {C | C is subsumed by some clause in R(S)}.

Let

    R1^0(S) = S,
    R1^{n+1}(S) = R1(R1^n(S)) and
    R1*(S) = ∪_{n≥0} R1^n(S).

Prove that S is unsatisfiable if and only if □ belongs to R1*(S).

4.3.13. Prove that the resolution method is also complete for infinite sets of
clauses.

4.3.14. Write a computer program implementing the resolution method.


Notes and Suggestions for Further Reading 


The resolution method was discovered by J.A. Robinson (Robinson, 1965). An 
earlier method for testing the unsatisfiability of a set of clauses is the Davis- 
Putnam procedure (Davis and Putnam, 1960). Improvements due to Prawitz 
(Prawitz, 1960) and Davis (Davis, 1963) led to the resolution method. An 
exposition of resolution based on Gentzen sequents has also been given by J. 
Robinson (Robinson, 1969), but the technical details are different. To the best 
of our knowledge, the constructive method used in this chapter for proving the 
completeness of the resolution method by transforming a Gentzen-like proof 
is original. 
With J.A. Robinson, this author believes that a Gentzen-sequent based
exposition of resolution is the best from a pedagogical point of view and for 
theoretical understanding. 


The resolution method and many of its refinements are discussed in 
Robinson, 1969; Loveland, 1978; and in Chang and Lee, 1973. 


Chapter 5 


First-Order Logic 


5.1 INTRODUCTION 


In propositional logic, it is not possible to express assertions about elements 
of a structure. The weak expressive power of propositional logic accounts for 
its relative mathematical simplicity, but it is a very severe limitation, and it 
is desirable to have more expressive logics. First-order logic is a considerably 
richer logic than propositional logic, but yet enjoys many nice mathemati- 
cal properties. In particular, there are finitary proof systems complete with 
respect to the semantics. 


In first-order logic, assertions about elements of structures can be ex- 
pressed. Technically, this is achieved by allowing the propositional symbols 
to have arguments ranging over elements of structures. For convenience, we 
also allow symbols denoting functions and constants. 


Our study of first-order logic will parallel the study of propositional logic 
conducted in Chapter 3. First, the syntax of first-order logic will be defined. 
The syntax is given by an inductive definition. Next, the semantics of first- 
order logic will be given. For this, it will be necessary to define the notion of 
a structure, which is essentially the concept of an algebra defined in Section 
2.4, and the notion of satisfaction. Given a structure M and a formula A, for 
any assignment s of values in M to the variables (in A), we shall define the 
satisfaction relation ⊨, so that


M ⊨ A[s]






expresses the fact that the assignment s satisfies the formula A in M. 


The satisfaction relation ⊨ is defined recursively on the set of formulae.
Hence, it will be necessary to prove that the set of formulae is freely generated 
by the atomic formulae. 


A formula A is said to be valid in a structure M if 


M ⊨ A[s]


for every assignment s. A formula A is valid (or universally valid) if A is valid 
in every structure M. 


Next, we shall attempt to find an algorithm for deciding whether a 
formula is valid. Unfortunately, there is no such algorithm. However, it is 
possible to find a procedure that will construct a proof for a valid formula. 
Contrary to the propositional case, this procedure may run forever if the input 
formula is not valid. We will set up a proof system that is a generalization of 
the Gentzen system of Section 3.4 and extend the search procedure to first- 
order formulae. Then, some fundamental theorems will be proved, including 
the completeness theorem, compactness theorem, and model existence theo- 
rem. 


The two main concepts in this chapter are the search procedure to build 
proof trees and Hintikka sets. The main theme is that the search procedure 
is a Hintikka set constructor. If the search procedure fails to find a counter 
example, a proof is produced. Otherwise, the Hintikka set yields a counter 
example. This approach yields the completeness theorem in a very direct 
fashion. Another theme that will emerge in this chapter is that the search 
procedure is a very inefficient proof procedure. The purpose of the next 
chapters is to try to find more efficient proof procedures. 


5.2 FIRST-ORDER LANGUAGES 


First, we define alphabets for first-order languages. 


5.2.1 Syntax 


In contrast with propositional logic, first-order languages have a fixed part
consisting of logical connectives, variables, and auxiliary symbols, and a part
that depends on the intended application of the language, consisting of pred-
icate, function, and constant symbols, called the nonlogical part.


Definition 5.2.1 The alphabet of a first-order language consists of the fol- 
lowing sets of symbols: 

Logical connectives: ∧ (and), ∨ (or), ¬ (not), ⊃ (implication), ≡ (equivalence),
⊥ (falsehood); quantifiers: ∀ (for all), ∃ (there exists); the equality
symbol ≐.
Variables: A countably infinite set V = {x₀, x₁, x₂, ...}.
Auxiliary symbols: "(" and ")".
A set L of nonlogical symbols consisting of:


(i) Function symbols: A (countable, possibly empty) set FS of symbols
f₀, f₁, ..., and a rank function r assigning a positive integer r(f) (called rank
or arity) to every function symbol f.


(ii) Constants: A (countable, possibly empty) set CS of symbols c₀, c₁, ...,
each of rank zero.


(iii) Predicate symbols: A (countable, possibly empty) set PS of symbols
P₀, P₁, ..., and a rank function r assigning a nonnegative integer r(P) (called
rank or arity) to each predicate symbol P.


It is assumed that the sets V, FS, CS and PS are disjoint. We will refer
to a first-order language with set of nonlogical symbols L as the language L.
First-order languages obtained by omitting the equality symbol are referred
to as first-order languages without equality. Note that predicate symbols of
rank zero are in fact propositional symbols. Note also that we are using the
symbol ≐ for equality in the object language in order to avoid confusion with
the symbol = used for equality in the meta language.


We now give inductive definitions for the sets of terms and formulae.
Note that a first-order language is in fact a two-sorted ranked alphabet in the
sense of Subsection 2.5.1. The sorts are term and formula. The symbols in
V, CS and FS are of sort term, and the symbols in PS and ⊥ are of sort
formula.


Definition 5.2.2 Given a first-order language L, let Γ be the union of the
sets V, CS and FS. For every function symbol f of rank n > 0, let C_f be the
function C_f : (Γ*)ⁿ → Γ* such that, for all strings t₁, ..., tₙ ∈ Γ*,


C_f(t₁, ..., tₙ) = f t₁...tₙ.


The set TERM_L of L-terms (for short, terms) is the inductive closure
of the union of the set V of variables and the set CS of constants under the
constructors C_f.


A more informal way of stating definition 5.2.2 is the following: 
(i) Every constant and every variable is a term. 


(ii) If t₁, ..., tₙ are terms and f is a function symbol of rank n > 0, then
f t₁...tₙ is a term.
EXAMPLE 5.2.1


Let L be the following first-order language for arithmetic, where CS =
{0}, FS = {S, +, ∗}, and PS = {<}. The symbol S has rank 1, and the
symbols +, ∗ and < have rank 2. Then, the following are terms:


S0


+S0SS0
∗x1 + Sx2x2.


Definition 5.2.3 Given a first-order language L, let Δ be the union of the
sets Γ and PS (where Γ is the union of the sets V, CS, FS). For every
predicate symbol P of rank n > 0, let C_P be the function


C_P : (Γ*)ⁿ → Δ*
such that, for all strings t₁, ..., tₙ ∈ Γ*,
C_P(t₁, ..., tₙ) = P t₁...tₙ.


Also, let C_≐ be the function C_≐ : (Γ*)² → Δ* such that, for all strings
t₁, t₂ ∈ Γ*,
C_≐(t₁, t₂) = ≐ t₁t₂.
The set of L-atomic formulae (for short, atomic formulae) is the induc-
tive closure of the pair of sets TERM_L (of sort term) and {P | P ∈ PS, r(P) =
0} ∪ {⊥} (of sort formula), under the functions C_P and C_≐.


A less formal definition is the following: 
(i) Every predicate symbol of rank 0 is an atomic formula, and so is ⊥.


(ii) If t₁, ..., tₙ are terms and P is a predicate symbol of rank n > 0, then
P t₁...tₙ is an atomic formula, and so is ≐ t₁t₂.


Let Σ be the union of the sets V, CS, FS, PS, and {∧, ∨, ¬, ⊃, ≡,
∀, ∃, ≐, (, ), ⊥}. The functions C_∧, C_∨, C_⊃, C_≡, C_¬ are defined (on Σ*) as in
definition 3.2.2, and the functions A_i and E_i are defined such that, for any
string A ∈ Σ*,


A_i(A) = ∀x_iA and E_i(A) = ∃x_iA.


The set FORM_L of L-formulae (for short, formulae) is the inductive
closure of the set of atomic formulae under the functions C_∧, C_∨, C_⊃, C_≡,
C_¬, and the functions A_i and E_i.


A more informal way to state definition 5.2.3 is to define a formula as 
follows: 
(i) Every atomic formula is a formula.


(ii) For any two formulae A and B, (A ∧ B), (A ∨ B), (A ⊃ B), (A ≡ B)
and ¬A are also formulae.


(iii) For any variable x_i and any formula A, ∀x_iA and ∃x_iA are also
formulae.


We let the letters x, y, z subscripted or not range over variables. We
also omit parentheses whenever possible, as in the propositional calculus.


EXAMPLE 5.2.2 


Using the first-order language of example 5.2.1, the following are atomic
formulae:
< 0S0


≐ ySx


The following are formulae:


∀x∀y(< xy ⊃ ∃z ≐ y + xz)
∀x∀y((< xy ∨ < yx) ∨ ≐ xy)


Next, we will show that terms and formulae are freely generated. 


5.2.2 Free Generation of the Set of Terms 


We define a function K such that for a symbol s (variable, constant or function
symbol), K(s) = 1 − n, where n is the least number of terms that must follow
s to obtain a term (n is the "tail deficiency").

K(x) = 1 − 0 = 1, for a variable x;

K(c) = 1 − 0 = 1, for a constant c;

K(f) = 1 − n, for an n-ary function symbol f.


We extend K to strings composed of variables, constants and function symbols
as follows: if w = w₁...w_m then


K(w) = K(w₁) + ... + K(w_m),
and the following property holds.


Lemma 5.2.1 For any term t, K(t) = 1. 


Proof: We use the induction principle for the set of terms. The basis of
the induction holds trivially for the atoms. For a term f t₁...tₙ where f is of
arity n > 0 and t₁, ..., tₙ are terms, since by definition K(f t₁...tₙ) = K(f) +
K(t₁) + ... + K(tₙ) and by the induction hypothesis K(t₁) = ... = K(tₙ) = 1,
we have K(f t₁...tₙ) = 1 − n + (1 + ... + 1) = 1.


Lemma 5.2.2 Every nonempty suffix of a term is a concatenation of one or 
more terms. 


Proof: We use the induction principle for terms. The basis is obvious
for the atoms. For a term f t₁...tₙ, any proper suffix w must be of the form
s t_{k+1}...tₙ, where k ≤ n, and s is a suffix of t_k. By the induction hypothesis,
s is a concatenation of terms s₁, ..., s_m, and w = s₁...s_m t_{k+1}...tₙ, which is a
concatenation of terms. □


Lemma 5.2.3 No proper prefix of a term is a term. 


Proof: Assume a term t is divided into a proper prefix t₁ and a (proper)
suffix t₂. Then, 1 = K(t) = K(t₁) + K(t₂). By lemma 5.2.2, K(t₂) ≥ 1.
Hence K(t₁) ≤ 0 and t₁ cannot be a term by lemma 5.2.1. □


Theorem 5.2.1 The set of L-terms is freely generated from the variables
and constants as atoms and the functions C_f as operations.


Proof: First, f ≠ g clearly implies that C_f and C_g have disjoint ranges
and these ranges are disjoint from the set of variables and the set of constants.
Since the constructors increase the length of strings, condition (3) for free
generation holds. It remains to show that the restrictions of the functions C_f
to TERM_L are injective. If f t₁...t_m = f s₁...sₙ, we must have t₁...t_m = s₁...sₙ.
Then either t₁ = s₁, or t₁ is a proper prefix of s₁, or s₁ is a proper prefix of t₁.
In the first case, t₂...t_m = s₂...sₙ. The other two cases are ruled out by lemma
5.2.3 since both t₁ and s₁ are terms. By repeating the above reasoning, we
find that m = n and t_i = s_i, 1 ≤ i ≤ n. Hence the set of terms is freely
generated. □


5.2.3 Free Generation of the Set of Formulae 


To extend this argument to formulae, we define K on the other symbols with
the following idea in mind: K(s) should be 1 − n, where n is the least number
of things (right parentheses, terms or formulae) required to go along with s
in order to form a formula (n is the "tail deficiency").


K("(") = −1;
K(")") = 1;
K(∨) = −1;
K(∧) = −1;
K(∀) = −1;
K(∃) = −1;
K(⊃) = −1;
K(≡) = −1;
K(¬) = 0;
K(≐) = −1;
K(P) = 1 − n for any n-ary predicate symbol P;
K(⊥) = 1.


We also extend K to strings as usual:
K(w₁...w_m) = K(w₁) + ... + K(w_m).
A lemma analogous to lemma 5.2.1 holds for formulae. 


Lemma 5.2.4 For any formula A, K(A) = 1. 


Proof: The proof uses the induction principle for formulae. Let Y be
the subset of the set of formulae A such that K(A) = 1. First, we show that
Y contains the atomic formulae. If A is of the form P t₁...t_m, where P has rank
m, since by lemma 5.2.1, K(t_i) = 1, and by definition K(P) = 1 − m, K(A) =
1 − m + m = 1, as desired. If A is of the form ≐ t₁t₂, since K(t₁) = K(t₂) = 1
and K(≐) = −1, K(A) = −1 + 1 + 1 = 1. By definition K(⊥) = 1. Next, if A
is of the form ¬B, by the induction hypothesis, K(B) = 1. Since K(¬) = 0,
K(A) = 0 + 1 = 1. If A is of the form (B ∗ C) where ∗ ∈ {∧, ∨, ⊃, ≡}, by the
induction hypothesis, K(B) = 1 and K(C) = 1, and


K(A) = K("(") + K(B) + K(∗) + K(C) + K(")") = −1 + 1 − 1 + 1 + 1 = 1.


Finally, if A is of the form ∀x_iB (or ∃x_iB), by the induction hypothesis
K(B) = 1, and K(A) = K(∀) + K(x_i) + K(B) = −1 + 1 + 1 = 1. Hence Y is
closed under the connectives, which concludes the proof by induction. □


Lemma 5.2.5 For any proper prefix w of a formula A, K(w) ≤ 0.


Proof: The proof uses the induction principle for formulae and is similar 
to that of lemma 5.2.4. It is left as an exercise. 


Lemma 5.2.6 No proper prefix of a formula is a formula. 


Proof: Immediate from lemma 5.2.4 and lemma 5.2.5. 


Theorem 5.2.2 The set of L-formulae is freely generated by the atomic
formulae as atoms and the functions C_X (X a logical connective), A_i and E_i.


Proof: The proof is similar to that of theorem 3.2.1 and rests on the
fact that no proper prefix of a formula is a formula. The argument for atomic
formulae is similar to the arguments for terms. The propositional connectives
are handled as in the proof of theorem 3.2.1. For the quantifiers, observe
that given two formulae, one in the range of a function A_i or E_i, the other
in the range of another function, either the leftmost characters differ (for C_∧,
C_∨, C_⊃, C_≡ and C_¬, "(" and "¬" are different from "∀" and "∃"), or the
substrings consisting of the two leftmost symbols differ (∀x_i is different from
∀x_j for j ≠ i and different from ∃x_j for any x_j, and similarly ∃x_i is different
from ∃x_j for x_j ≠ x_i and different from ∀x_j for any x_j).


The fact that the restrictions of the functions C_∧, C_∨, C_⊃, C_≡ and C_¬
to FORM_L are injective is shown as in lemma 3.2.1, using the property that
a proper prefix of a formula is not a formula (and a proper prefix of a term
is not a term). For the functions A_i, A_i(A) = A_i(B) iff ∀x_iA = ∀x_iB iff
A = B, and similarly for E_i. Finally, the constructors increase the number of
connectives (or quantifiers). □
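The tail-deficiency function K of Subsections 5.2.2 and 5.2.3 and the criterion of problem 5.2.2, as an added Python example (not the book's code): K is computed over symbol lists for the signature of example 5.2.1, a string is cut into terms where the running K first reaches 1, and a prefix-notation term is parsed from the ranks alone. The variable convention (x, y, z with an optional index) and the one-character-per-symbol formula list are assumptions of the example.

```python
"""Tail deficiency K and unique readability of prefix-notation terms and
formulae (Subsections 5.2.2 and 5.2.3, problem 5.2.2).

A string is a list of symbols, so that a multi-character name such as 'x1'
is one symbol. The signature is the arithmetic language of example 5.2.1."""

FUN_RANK = {'S': 1, '+': 2, '*': 2}   # function symbols with their rank
PRED_RANK = {'<': 2}                  # predicate symbols with their rank
CONSTS = {'0'}
BINARY = {'∧', '∨', '⊃', '≡'}
FIXED_K = {'(': -1, ')': 1, '¬': 0, '∀': -1, '∃': -1, '≐': -1, '⊥': 1}


def is_variable(sym):
    """Variables: x, y, z, optionally followed by an index (x1, y23, ...)."""
    return sym[0] in 'xyz' and (sym[1:] == '' or sym[1:].isdigit())


def is_term_symbol(sym):
    return sym in FUN_RANK or sym in CONSTS or is_variable(sym)


def K_symbol(sym):
    """K(s) = 1 - n, where n is the least number of items that must follow s."""
    if sym in FIXED_K:
        return FIXED_K[sym]
    if sym in BINARY:
        return -1
    if sym in FUN_RANK:
        return 1 - FUN_RANK[sym]
    if sym in PRED_RANK:
        return 1 - PRED_RANK[sym]
    if sym in CONSTS or is_variable(sym):
        return 1
    raise ValueError('unknown symbol %r' % sym)


def K(w):
    """K on strings is the sum over the symbols (lemmas 5.2.1 and 5.2.4)."""
    return sum(K_symbol(s) for s in w)


def is_term(w):
    """Problem 5.2.2(b): w is a term iff its symbols are term symbols,
    K(w) = 1, and K(v) > 0 for every proper suffix v of w."""
    return (all(is_term_symbol(s) for s in w) and K(w) == 1
            and all(K(w[i:]) > 0 for i in range(1, len(w))))


def split_terms(w):
    """Problem 5.2.2(a) / lemma 5.2.2: cut w into consecutive terms. Since no
    proper prefix of a term has K > 0 (proof of lemma 5.2.3), a term ends
    exactly where the running K of the prefix first reaches 1."""
    terms, start, running = [], 0, 0
    for i, sym in enumerate(w):
        running += K_symbol(sym)
        if running == 1:
            terms.append(w[start:i + 1])
            start, running = i + 1, 0
    if start != len(w):
        raise ValueError('trailing symbols %r do not form a term' % (w[start:],))
    return terms


def parse_term(w, i=0):
    """Read one term at position i; return (tree, next position). A tree is a
    variable/constant symbol or (f, arg1, ..., argn). The rank of f says how
    many terms follow it: prefix notation needs no parentheses (theorem 5.2.1)."""
    head = w[i]
    if head in CONSTS or is_variable(head):
        return head, i + 1
    args, j = [], i + 1
    for _ in range(FUN_RANK[head]):
        arg, j = parse_term(w, j)
        args.append(arg)
    return (head,) + tuple(args), j


def prefixes_nonpositive(w):
    """Lemma 5.2.5: every proper prefix w' of a formula has K(w') <= 0."""
    return all(K(w[:i]) <= 0 for i in range(1, len(w)))


# Constructed inputs: the terms of example 5.2.1 and the first formula of
# example 5.2.2 (one character per symbol, as its variables are x, y, z).
TERM1 = list('+S0SS0')
TERM2 = ['*', 'x1', '+', 'S', 'x2', 'x2']
FORMULA = list('∀x∀y(<xy⊃∃z≐y+xz)')

if __name__ == '__main__':
    print(K(TERM1), is_term(TERM1), parse_term(TERM1)[0])
    print(is_term(TERM2), parse_term(TERM2)[0])
    print(split_terms(list('0S0')), is_term(list('S0S')))
    print(K(FORMULA), prefixes_nonpositive(FORMULA))
```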


Remarks: 


(1) Instead of defining terms and atomic formulae in prefix notation, one 
can define them as follows (using parentheses): 


The second clause of definition 5.2.2 is changed to: For every function
symbol f of arity n and any terms t₁, ..., tₙ, f(t₁, ..., tₙ) is a term. Also, atomic
formulae are defined as follows: For every predicate symbol P of arity n and
any terms t₁, ..., tₙ, P(t₁, ..., tₙ) is an atomic formula; t₁ ≐ t₂ is an atomic
formula.


One can still show that the terms and formulae are freely generated. In
the sequel, we shall use the second notation when it is convenient. For simplic-
ity, we shall also frequently use = instead of ≐ and omit parentheses whenever
possible, using the conventions adopted for the propositional calculus.


(2) The sets TERM_L and FORM_L are the carriers of a two-sorted
algebra T(L, V) with sorts term and formula, in the sense of Subsection
2.5.2. The operations are the functions C_f for all function symbols, C_≐, C_P
for all predicate symbols, C_∧, C_∨, C_⊃, C_≡, C_¬, A_i, E_i (i ≥ 0) for formulae,
and the symbols of arity 0 are the propositional symbols in PS, the constants
in CS, and ⊥. This two-sorted algebra T(L, V) is free on the set of variables
V (as defined in Section 2.5), and is isomorphic to the tree algebra T_L(V) (in
T_L(V), the term A_i(A) is used instead of ∀x_iA, and E_i(A) instead of ∃x_iA).


5.2.4 Free and Bound Variables 


In first-order logic, variables may occur bound by quantifiers. Free and bound 
occurrences of variables are defined by recursion as follows. 


Definition 5.2.4 Given a term t, the set FV(t) of free variables of t is
defined by recursion as follows:


FV(x_i) = {x_i}, for a variable x_i;

FV(c) = ∅, for a constant c;
FV(f t₁...tₙ) = FV(t₁) ∪ ... ∪ FV(tₙ),


for a function symbol f of rank n.


For a formula A, the set FV(A) of free variables of A is defined by:


FV(P t₁...tₙ) = FV(t₁) ∪ ... ∪ FV(tₙ),
for a predicate symbol P of rank n;


FV(≐ t₁t₂) = FV(t₁) ∪ FV(t₂);
FV(¬A) = FV(A);
FV((A ∗ B)) = FV(A) ∪ FV(B), where ∗ ∈ {∧, ∨, ⊃, ≡};
FV(⊥) = ∅;
FV(∀x_iA) = FV(A) − {x_i};
FV(∃x_iA) = FV(A) − {x_i}.


A term t or a formula A is closed if, respectively, FV(t) = ∅ or FV(A) =
∅. A closed formula is also called a sentence. A formula without quantifiers
is called open.


Definition 5.2.5 Given a formula A, the set BV(A) of bound variables in
A is given by:


BV(P t₁...tₙ) = ∅;
BV(≐ t₁t₂) = ∅;
BV(¬A) = BV(A);
BV((A ∗ B)) = BV(A) ∪ BV(B), where ∗ ∈ {∧, ∨, ⊃, ≡};
BV(⊥) = ∅;
BV(∀x_iA) = BV(A) ∪ {x_i};
BV(∃x_iA) = BV(A) ∪ {x_i}.


In a formula Vx;A (or Jx;A), we say that the variable x; is bound by the 
quantifier V (or 3). 

For a formula A, the intersection of FV(A) and BV(A) need not be 
empty, that is, the same variable may have both a free and a bound occurrence 
in A. As we shall see later, every formula is equivalent to a formula where the 
free and bound variables are disjoint. 


EXAMPLE 5.2.3 


Let
A = (∀x(Rxy ⊃ Px) ∧ ∀y(¬Rxy ∧ ∀xPx)).
Then
FV(A) = {x, y}, BV(A) = {x, y}.
For
B = ∀x(Rxy ⊃ Px),
we have
FV(B) = {y}, BV(B) = {x}.
For
C = ∀y(¬Rxy ∧ ∀xPx),
we have


FV(C) = {x} and BV(C) = {x, y}.


5.2.5 Substitutions 


We will also need to define the substitution of a term for a free variable in a 
term or a formula. 


Definition 5.2.6 Let s and t be terms. The result of substituting t in s for
a variable x, denoted by s[t/x], is defined recursively as follows:


y[t/x] = if y ≠ x then y else t, when s is a variable y;
c[t/x] = c, when s is a constant c;
f t₁...tₙ[t/x] = f t₁[t/x]...tₙ[t/x], when s is a term f t₁...tₙ.


For a formula A, A[t/x] is defined recursively as follows:


⊥[t/x] = ⊥, when A is ⊥;
P t₁...tₙ[t/x] = P t₁[t/x]...tₙ[t/x], when A = P t₁...tₙ;
≐ t₁t₂[t/x] = ≐ t₁[t/x]t₂[t/x], when A = ≐ t₁t₂;
(B ∗ C)[t/x] = (B[t/x] ∗ C[t/x]), when A = (B ∗ C), ∗ ∈ {∧, ∨, ⊃, ≡};
(¬B)[t/x] = ¬B[t/x], when A = ¬B;
(∀yB)[t/x] = if x ≠ y then ∀yB[t/x] else ∀yB, when A = ∀yB;
(∃yB)[t/x] = if x ≠ y then ∃yB[t/x] else ∃yB, when A = ∃yB.


EXAMPLE 5.2.4 


Let
A = ∀x(P(x) ⊃ Q(x, f(y))), and let t = g(y).


We have


f(x)[t/x] = f(g(y)),   A[t/y] = ∀x(P(x) ⊃ Q(x, f(g(y)))),
A[t/x] = ∀x(P(x) ⊃ Q(x, f(y))) = A,
since x is a bound variable.


The above definition prevents substitution of a term for a bound variable.
When we give the semantics of the language, certain substitutions will not
behave properly in the sense that they can change the truth value in a wrong
way. These are substitutions in which some variable in the term t becomes
bound in A[t/x].


EXAMPLE 5.2.5
Let


A = ∃x(x < y)[x/y] = ∃x(x < x).


The sentence ∃x(x < x) is false in an ordered structure, but ∃x(x < y)
may well be satisfied.


Definition 5.2.7 A term t is free for x in A if either:
(i) A is atomic, or


(ii) A = (B ∗ C) and t is free for x in B and C, ∗ ∈ {∧, ∨, ⊃, ≡}, or


(iii) A = ¬B and t is free for x in B, or

(iv) A = ∀yB or A = ∃yB and either
x = y, or
x ≠ y, y ∉ FV(t) and t is free for x in B.


EXAMPLE 5.2.6
Let
A = ∀x(P(x) ⊃ Q(x, f(y))).
Then g(y) is free for y in A, but g(x) is not free for y in A.
If 


then g(z) is not free for y in B, but g(z) is free for z in B (because the 
substitution of g(z) for z will not take place). 


From now on we will assume that all substitutions satisfy the conditions
of definition 5.2.7. Sometimes, if a formula A contains x as a free variable we
write A as A(x) and we abbreviate A[t/x] as A(t). In the next section, we
will turn to the semantics of first-order logic.
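Definitions 5.2.4 to 5.2.7 carried out in Python over a tuple encoding of terms and formulae (an added example, not code from the book; the encoding is the example's own): the inputs are the formulae of examples 5.2.3 through 5.2.6, and the last call reproduces the variable capture of example 5.2.5.

```python
"""Free and bound variables, substitution and the 'free for' test of
definitions 5.2.4 to 5.2.7, on a tuple encoding of terms and formulae.

Encoding (constructed for this example): a variable is a plain string such
as 'x'; a constant is a 1-tuple such as ('0',); a function application is
(f, t1, ..., tn). Formulae are ('⊥',), (P, t1, ..., tn), ('≐', t1, t2),
('¬', A), (op, A, B) with op one of ∧ ∨ ⊃ ≡, and ('∀', x, A) / ('∃', x, A)."""

BINARY = {'∧', '∨', '⊃', '≡'}
QUANT = {'∀', '∃'}


def fv_term(t):
    """FV(t), definition 5.2.4 for terms (a constant has no arguments)."""
    if isinstance(t, str):
        return {t}
    return set().union(*(fv_term(a) for a in t[1:]))


def FV(A):
    """FV(A), definition 5.2.4 for formulae."""
    head = A[0]
    if head == '⊥':
        return set()
    if head == '¬':
        return FV(A[1])
    if head in BINARY:
        return FV(A[1]) | FV(A[2])
    if head in QUANT:
        return FV(A[2]) - {A[1]}
    return set().union(*(fv_term(t) for t in A[1:]))   # P t1...tn or ≐ t1 t2


def BV(A):
    """BV(A), definition 5.2.5."""
    head = A[0]
    if head == '¬':
        return BV(A[1])
    if head in BINARY:
        return BV(A[1]) | BV(A[2])
    if head in QUANT:
        return BV(A[2]) | {A[1]}
    return set()                                        # atomic, including ⊥


def subst_term(s, t, x):
    """s[t/x] for terms, definition 5.2.6."""
    if isinstance(s, str):
        return t if s == x else s
    return (s[0],) + tuple(subst_term(a, t, x) for a in s[1:])


def subst(A, t, x):
    """A[t/x], definition 5.2.6: the substitution stops at a quantifier that
    binds x, so only free occurrences of x are replaced."""
    head = A[0]
    if head == '⊥':
        return A
    if head == '¬':
        return ('¬', subst(A[1], t, x))
    if head in BINARY:
        return (head, subst(A[1], t, x), subst(A[2], t, x))
    if head in QUANT:
        y, B = A[1], A[2]
        return A if y == x else (head, y, subst(B, t, x))
    return (head,) + tuple(subst_term(s, t, x) for s in A[1:])


def free_for(t, x, A):
    """Definition 5.2.7: t is free for x in A when no variable of t would be
    captured by a quantifier of A during A[t/x] (the defect of example 5.2.5)."""
    head = A[0]
    if head == '¬':
        return free_for(t, x, A[1])
    if head in BINARY:
        return free_for(t, x, A[1]) and free_for(t, x, A[2])
    if head in QUANT:
        y, B = A[1], A[2]
        return x == y or (y not in fv_term(t) and free_for(t, x, B))
    return True                                         # atomic


# Constructed inputs: the formulae of examples 5.2.3, 5.2.4/5.2.6 and 5.2.5.
Rxy, Px = ('R', 'x', 'y'), ('P', 'x')
A_523 = ('∧', ('∀', 'x', ('⊃', Rxy, Px)),
         ('∀', 'y', ('∧', ('¬', Rxy), ('∀', 'x', Px))))
A_524 = ('∀', 'x', ('⊃', ('P', 'x'), ('Q', 'x', ('f', 'y'))))
A_525 = ('∃', 'x', ('<', 'x', 'y'))

if __name__ == '__main__':
    print(FV(A_523), BV(A_523))                   # {'x', 'y'} twice
    print(subst(A_524, ('g', 'y'), 'y'))           # f(y) becomes f(g(y))
    print(free_for(('g', 'y'), 'y', A_524), free_for(('g', 'x'), 'y', A_524))
    print(subst(A_525, 'x', 'y'), free_for('x', 'y', A_525))   # capture
```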
PROBLEMS
5.2.1. Prove lemma 5.2.6.
5.2.2. Let w be a string consisting of variables, constants and function sym-
bols.
(a) Prove that if K(v) > 0 for every proper suffix v of w, then w is a
concatenation of K(w) terms.
(b) Prove that w is a term iff K(w) = 1 and K(v) > 0 for every
proper suffix v of w.
5.2.3. Given a formula A and constants a and b, show that for any two
distinct variables x_i and x_j,
A[a/x_i][b/x_j] = A[b/x_j][a/x_i].
5.2.4. Prove that for every formula A and for every constant c,
FV(A[c/x]) = FV(A) − {x}.
5.2.5. Prove that for any formula A and term t, if y is not in FV(A), then
A[t/y] = A.
5.2.6. Prove that for every formula A and every term t, if t is free for x in
A, x ≠ z and z is not in FV(t), for every constant d,
A[t/x][d/z] = A[d/z][t/x].
5.2.7. Prove that for every formula A, if x and y are distinct variables, y is
free in A, and z is a variable not occurring in A, for every term t free
for x in A,
A[t/x][z/y] = A[z/y][t[z/y]/x],
and t[z/y] is free for x in A[z/y].
* 5.2.8. The purpose of this problem is to generalize problem 3.2.6, that is, to
give a context-free grammar defining terms and formulae. For this, it
is necessary to encode the variables, constants, and the function and
predicate symbols, as strings over a finite alphabet. Following Lewis
and Papadimitriou, 1981, each variable xₙ is encoded as xIⁿ$, each
m-ary predicate symbol Pₙ is encoded as PIᵐ$Iⁿ$ (m, n ≥ 0), and
each m-ary function symbol fₙ is encoded as fIᵐ$Iⁿ$.


Then, the set of terms and formulae is the language L(G) defined by
the following context-free grammar G = (V, Σ, R, S):


Σ = {P, I, f, x, $, ∨, ∧, ¬, ⊃, ≡, ∀, ∃, ≐, (, ), ⊥},
V = Σ ∪ {S, N, T, U, W},


R = {N → ε,
N → NI,
W → xN$,
T → W,
T → fU,
U → IUT,
U → $N$,
S → PU,
S → ⊥,
S → ≐TT,
S → (S ∨ S),
S → (S ∧ S),
S → (S ⊃ S),
S → (S ≡ S),
S → ¬S,
S → ∀WS,
S → ∃WS}


Prove that the grammar G is unambiguous. 


Note: The above language is actually SLR(1). For details on parsing 
techniques, consult Aho and Ullman, 1977. 


5.3 SEMANTICS OF FIRST-ORDER LANGUAGES 


Given a first-order language L, the semantics of formulae is obtained by inter- 
preting the function, constant and predicate symbols in L and assigning values 
to the free variables. For this, we need to define the concept of a structure. 


5.3.1 First-Order Structures 


A first-order structure assigns a meaning to the symbols in L as explained 
below. 


Definition 5.3.1 Given a first-order language L, an L-structure M (for
short, a structure) is a pair M = (M, I) where M is a nonempty set called
the domain (or carrier) of the structure and I is a function called the inter-
pretation function and which assigns functions and predicates over M to the
symbols in L as follows:
(i) For every function symbol f of rank n > 0, I(f) : Mⁿ → M is an
n-ary function.


(ii) For every constant c, I(c) is an element of M.


(iii) For every predicate symbol P of rank n > 0, I(P) : Mⁿ → BOOL is
an n-ary predicate. In particular, predicate symbols of rank 0 are interpreted
as truth values. (Hence, the interpretation function I restricted to predicate
symbols of rank zero is a valuation as in propositional logic.)


We will also use the following notation in which I is omitted: I(f) is
denoted as f_M, I(c) as c_M and I(P) as P_M.


EXAMPLE 5.3.1 


Let L be the language of arithmetic where CS = {0} and FS =
{S, +, ∗}. The symbol S has rank 1, and the symbols +, ∗ have rank 2.
The L-structure N is defined such that its domain is the set N of nat-
ural numbers, and the constant and function symbols are interpreted as
follows: 0 is interpreted as zero, S as the function such that S(x) = x + 1
for all x ∈ N (the successor function), + is interpreted as addition and
∗ as multiplication. The structure Q obtained by replacing N by the set
Q of rational numbers and the structure R obtained by replacing N by
the set R of real numbers and interpreting 0, S, + and ∗ in the natural
way are also L-structures.


Remark: Note that a first-order L-structure is in fact a two-sorted al- 
gebra as defined in Subsection 2.5.2 (with carrier BOOL of sort formula and 
carrier M of sort term). 


5.3.2 Semantics of Formulae 


We now wish to define the semantics of formulae. Since a formula A may 
contain free variables, its truth value will generally depend on the specific 
assignment s of values from the domain M to the variables. Hence, we shall 
define the semantics of a formula A as a function A_M from the set of assign-
ments of values in M to the variables, to the set BOOL of truth values. First, 
we need some definitions. For more details, see Section 10.3.2. 


Definition 5.3.2 Given a first-order language L and an L-structure M, an
assignment is any function s : V → M from the set of variables V to the
domain M. The set of all such functions is denoted by [V → M].


To define the meaning of a formula, we shall construct the function
A_M recursively, using the fact that formulae are freely generated from the
atomic formulae, and using theorem 2.4.1. Since the meaning of a formula is
a function from [V → M] to BOOL, let us denote the set of all such functions
as [[V → M] → BOOL]. In order to apply theorem 2.4.1, it is necessary to
extend the connectives to the set of functions [[V → M] → BOOL] to make
this set into an algebra. For this, the next two definitions are needed.
Definition 5.3.3 Given any nonempty domain M, given any element a ∈ M
and any assignment s : V → M, s[x_i := a] denotes the new assignment
s' : V → M such that


s'(y) = s(y) for y ≠ x_i and s'(x_i) = a.


For all i ≥ 0, define the functions (A_i)_M and (E_i)_M from [[V → M] →
BOOL] to [[V → M] → BOOL] as follows: For every function f ∈ [[V →
M] → BOOL], (A_i)_M(f) is the function such that: For every assignment
s ∈ [V → M],


(A_i)_M(f)(s) = F iff f(s[x_i := a]) = F for some a ∈ M;


The function (E_i)_M(f) is the function such that: For every assignment
s ∈ [V → M],


(E_i)_M(f)(s) = T iff f(s[x_i := a]) = T for some a ∈ M.


Note that (A_i)_M(f)(s) = T iff the function g_s : M → BOOL such that
g_s(a) = f(s[x_i := a]) for all a ∈ M is the constant function whose value is T,
and that (E_i)_M(f)(s) = F iff the function g_s : M → BOOL defined above is
the constant function whose value is F.


Definition 5.3.4 Given a nonempty domain M, the functions ∧_M, ∨_M,
⊃_M and ≡_M from [[V → M] → BOOL] × [[V → M] → BOOL] to [[V →
M] → BOOL], and the function ¬_M from [[V → M] → BOOL] to [[V →
M] → BOOL] are defined as follows: For every two functions f and g in
[[V → M] → BOOL], for all s in [V → M],


∧_M(f, g)(s) = H_∧(f(s), g(s));
∨_M(f, g)(s) = H_∨(f(s), g(s));
⊃_M(f, g)(s) = H_⊃(f(s), g(s));
≡_M(f, g)(s) = H_≡(f(s), g(s));
¬_M(f)(s) = H_¬(f(s)).


Using theorem 2.4.1, we can now define the meaning t_M of a term t and
the meaning A_M of a formula A. We begin with terms.


Definition 5.3.5 Given an L-structure M, the function
t_M : [V → M] → M


defined by a term t is the function such that for every assignment s ∈ [V →
M], the value t_M[s] is defined recursively as follows:
(i) x_M[s] = s(x), for a variable x;
(ii) c_M[s] = c_M, for a constant c;
(iii) (f t₁...tₙ)_M[s] = f_M((t₁)_M[s], ..., (tₙ)_M[s]).


The recursive definition of the function A_M : [V → M] → BOOL is
now given.


Definition 5.3.6 The function
A_M : [V → M] → BOOL


is defined recursively by the following clauses:


(1) For atomic formulae: A_M is the function such that, for every assign-
ment s ∈ [V → M],


(i) (P t₁...tₙ)_M[s] = P_M((t₁)_M[s], ..., (tₙ)_M[s]);
(ii) (≐ t₁t₂)_M[s] = if (t₁)_M[s] = (t₂)_M[s] then T else F;
(iii) (⊥)_M[s] = F.

(2) For nonatomic formulae:


(i) ((A ∗ B))_M = ∗_M(A_M, B_M),
where ∗ ∈ {∧, ∨, ⊃, ≡} and ∗_M is the corresponding function defined in defi-
nition 5.3.4;


(ii) (¬A)_M = ¬_M(A_M);
(iii) (∀x_iA)_M = (A_i)_M(A_M);
(iv) (∃x_iA)_M = (E_i)_M(A_M).


Note that by definitions 5.3.3, 5.3.4, 5.3.5, and 5.3.6, for every assign-
ment s ∈ [V → M],


(∀x_iA)_M[s] = T iff A_M[s[x_i := m]] = T for all m ∈ M,


and
(∃x_iA)_M[s] = T iff A_M[s[x_i := m]] = T for some m ∈ M.


Hence, if M is infinite, evaluating (∀x_iA)_M[s] (or (∃x_iA)_M[s]) requires
testing infinitely many values (all the truth values A_M[s[x_i := m]], for m ∈
M). Hence, contrary to the propositional calculus, there does not appear to
be an algorithm for computing the truth value of (∀x_iA)_M[s] (or (∃x_iA)_M[s])
and in fact, no such algorithm exists in general.


5.3.3 Satisfaction, Validity, and Model 


We can now define the notions of satisfaction, validity and model. 


Definition 5.3.7 Let L be a first-order language and M be an L-structure.


(i) Given a formula A and an assignment s, we say that M satisfies A
with s iff
A_M[s] = T.


This is also denoted by


M ⊨ A[s].


(ii) A formula A is satisfiable in M iff there is some assignment s such
that


A_M[s] = T;
A is satisfiable iff there is some M in which A is satisfiable.
(iii) A formula A is valid in M (or true in M) iff
A_M[s] = T for every assignment s.


This is denoted by
M ⊨ A.


In this case, M is called a model of A. A formula A is valid (or universally
valid) iff it is valid in every structure M. This is denoted by


⊨ A.


(iv) Given a set Γ of formulae, Γ is satisfiable iff there exists a structure
M and an assignment s such that


M ⊨ A[s] for every formula A ∈ Γ;


A structure M is a model of Γ iff M is a model of every formula in Γ.
This is denoted by
M ⊨ Γ.


The set Γ is valid iff M ⊨ Γ for every structure M. This is denoted by


⊨ Γ.


(v) Given a set Γ of formulae and a formula B, B is a semantic conse-
quence of Γ, denoted by
Γ ⊨ B
iff, for every L-structure M, for every assignment s,


if M ⊨ A[s] for every formula A ∈ Γ then M ⊨ B[s].


EXAMPLE 5.3.2 


Consider the language of arithmetic defined in example 5.3.1. The fol-
lowing formulae are valid in the model N with domain the set of natural
numbers defined in example 5.3.1. This set A_P is known as the axioms
of Peano's arithmetic:


∀x¬(S(x) = 0)
∀x∀y(S(x) = S(y) ⊃ x = y)


∀x(x + 0 = x)
∀x∀y(x + S(y) = S(x + y))
∀x(x ∗ 0 = 0)


∀x∀y(x ∗ S(y) = x ∗ y + x)
For every formula A with one free variable x,


(A(0) ∧ ∀x(A(x) ⊃ A(S(x)))) ⊃ ∀yA(y)


This last axiom scheme is known as an induction axiom. The structure
N is a model of these formulae. These formulae are not valid in all
structures. For example, the first formula is not valid in the structure
whose domain has a single element.


As in propositional logic, formulae that are universally valid are partic- 
ularly interesting. These formulae will be characterized in terms of a proof 
system in the next section. 


5.3.4 A More Convenient Semantics

It will be convenient in the sequel, especially in proofs involving Hintikka sets, to have a slightly different definition of the truth of a quantified formula. The idea behind this definition is to augment the language L with a set of constants naming the elements in the structure M, so that elements in M can be treated as constants in formulae. Instead of defining the truth value of $(\forall x_i A)_M[s]$ using the modified assignments $s[x_i := m]$ so that

$(\forall x_i A)_M[s] = T$ iff $A_M[s[x_i := m]] = T$ for all $m \in M$,

we will define it using the modified formula $A[\overline{m}/x_i]$, so that

$(\forall x_i A)_M[s] = T$ iff $(A[\overline{m}/x_i])_M[s] = T$ for all $m \in M$,

where $\overline{m}$ is a constant naming the element $m \in M$. Instead of computing the truth value of A in the modified assignment $s[x_i := m]$, we compute the truth value of the modified formula $A[\overline{m}/x_i]$ obtained by substituting the constant $\overline{m}$ for the variable $x_i$, in the assignment s itself.


Definition 5.3.8 Given a first-order language L and an L-structure M, the extended language L(M) is obtained by adjoining to the set CS of constants in L a set

$\{\overline{m} \mid m \in M\}$

of new constants, one for each element of M. The interpretation function I of the first-order structure M is extended to the constants in the set $\{\overline{m} \mid m \in M\}$ by defining $I(\overline{m}) = m$. Hence, for any assignment $s : V \to M$,

$(\overline{m})_M[s] = m$.

The resulting alphabet is not necessarily countable and the set of formulae may also not be countable. However, since a formula contains only finitely many symbols, there is no problem with inductive definitions or proofs by induction.

Next, we will prove a lemma that shows the equivalence of definition 5.3.6 and the more convenient definition of the truth of a quantified formula sketched before definition 5.3.8. First, we need the following technical lemma.


Lemma 5.3.1 Given a first-order language L and an L-structure M, the following hold:

(1) For any term t, for any assignment $s \in [V \to M]$, any element $m \in M$ and any variable $x_i$,

$t_M[s[x_i := m]] = (t[\overline{m}/x_i])_M[s]$.

(2) For any formula A, for any assignment $s \in [V \to M]$, any element $m \in M$ and any variable $x_i$,

$A_M[s[x_i := m]] = (A[\overline{m}/x_i])_M[s]$.


Proof: This proof is a typical induction on the structure of terms and formulae. Since we haven't given a proof of this kind for first-order formulae, we will give it in full. This will allow us to omit similar proofs later. First, we prove (1) by induction on terms.

If t is a variable $x_j \neq x_i$, then
$(x_j)_M[s[x_i := m]] = s(x_j)$
and
$(x_j[\overline{m}/x_i])_M[s] = (x_j)_M[s] = s(x_j)$,
establishing (1).

If t is the variable $x_i$, then
$(x_i)_M[s[x_i := m]] = m$
and
$(x_i[\overline{m}/x_i])_M[s] = (\overline{m})_M[s] = m$,
establishing (1).

If t is a constant c, then
$(c)_M[s[x_i := m]] = c_M = (c)_M[s] = (c[\overline{m}/x_i])_M[s]$,
establishing (1).

If t is a term $f t_1 \ldots t_k$, then
$(f t_1 \ldots t_k)_M[s[x_i := m]] = f_M((t_1)_M[s[x_i := m]], \ldots, (t_k)_M[s[x_i := m]])$.
By the induction hypothesis, for every j, $1 \le j \le k$,
$(t_j)_M[s[x_i := m]] = (t_j[\overline{m}/x_i])_M[s]$.
Hence,
$(f t_1 \ldots t_k)_M[s[x_i := m]] = f_M((t_1)_M[s[x_i := m]], \ldots, (t_k)_M[s[x_i := m]])$
$= f_M((t_1[\overline{m}/x_i])_M[s], \ldots, (t_k[\overline{m}/x_i])_M[s])$
$= (f t_1[\overline{m}/x_i] \ldots t_k[\overline{m}/x_i])_M[s]$
$= (t[\overline{m}/x_i])_M[s]$,
establishing (1).


This concludes the proof of (1). Next, we prove (2) by induction on formulae.

If A is an atomic formula of the form $P t_1 \ldots t_k$, then
$(P t_1 \ldots t_k)_M[s[x_i := m]] = P_M((t_1)_M[s[x_i := m]], \ldots, (t_k)_M[s[x_i := m]])$.
By part (1) of the lemma, for every j, $1 \le j \le k$,
$(t_j)_M[s[x_i := m]] = (t_j[\overline{m}/x_i])_M[s]$.
Hence,
$(P t_1 \ldots t_k)_M[s[x_i := m]] = P_M((t_1)_M[s[x_i := m]], \ldots, (t_k)_M[s[x_i := m]])$
$= P_M((t_1[\overline{m}/x_i])_M[s], \ldots, (t_k[\overline{m}/x_i])_M[s])$
$= (P t_1[\overline{m}/x_i] \ldots t_k[\overline{m}/x_i])_M[s]$
$= (A[\overline{m}/x_i])_M[s]$,
establishing (2).

It is obvious that (2) holds for the constant $\bot$.

If A is an atomic formula of the form $\doteq t_1 t_2$, then
$(\doteq t_1 t_2)_M[s[x_i := m]] = T$ iff $(t_1)_M[s[x_i := m]] = (t_2)_M[s[x_i := m]]$.
By part (1) of the lemma, for j = 1, 2, we have
$(t_j)_M[s[x_i := m]] = (t_j[\overline{m}/x_i])_M[s]$.
Hence,
$(\doteq t_1 t_2)_M[s[x_i := m]] = T$ iff $(t_1[\overline{m}/x_i])_M[s] = (t_2[\overline{m}/x_i])_M[s]$ iff $((\doteq t_1 t_2)[\overline{m}/x_i])_M[s] = T$,
establishing (2).

If A is a formula of the form $(B * C)$ where $* \in \{\wedge, \vee, \supset, \equiv\}$, we have
$(B * C)_M[s[x_i := m]] = *_M(B_M, C_M)[s[x_i := m]]$
$= H_*(B_M[s[x_i := m]], C_M[s[x_i := m]])$.
By the induction hypothesis,
$B_M[s[x_i := m]] = (B[\overline{m}/x_i])_M[s]$ and
$C_M[s[x_i := m]] = (C[\overline{m}/x_i])_M[s]$.
Hence,
$(B * C)_M[s[x_i := m]] = H_*(B_M[s[x_i := m]], C_M[s[x_i := m]])$
$= H_*((B[\overline{m}/x_i])_M[s], (C[\overline{m}/x_i])_M[s]) = ((B * C)[\overline{m}/x_i])_M[s]$,
establishing (2).

If A is of the form $\neg B$, then
$(\neg B)_M[s[x_i := m]] = \neg_M(B_M)[s[x_i := m]] = H_\neg(B_M[s[x_i := m]])$.
By the induction hypothesis,
$B_M[s[x_i := m]] = (B[\overline{m}/x_i])_M[s]$.
Hence,
$(\neg B)_M[s[x_i := m]] = H_\neg(B_M[s[x_i := m]])$
$= H_\neg((B[\overline{m}/x_i])_M[s]) = ((\neg B)[\overline{m}/x_i])_M[s]$,
establishing (2).

If A is of the form $\forall x_j B$, there are two cases. If $x_i \neq x_j$, then
$(\forall x_j B)_M[s[x_i := m]] = T$ iff
$B_M[s[x_i := m][x_j := a]] = T$ for all $a \in M$.
By the induction hypothesis,
$B_M[s[x_i := m][x_j := a]] = (B[\overline{a}/x_j])_M[s[x_i := m]]$,
and by one more application of the induction hypothesis,
$(B[\overline{a}/x_j])_M[s[x_i := m]] = (B[\overline{a}/x_j][\overline{m}/x_i])_M[s]$.
By problem 5.2.3, since $x_i \neq x_j$ and $\overline{m}$ and $\overline{a}$ are constants,
$B[\overline{a}/x_j][\overline{m}/x_i] = B[\overline{m}/x_i][\overline{a}/x_j]$.
Hence,
$B_M[s[x_i := m][x_j := a]] = T$ for all $a \in M$ iff
$(B[\overline{a}/x_j][\overline{m}/x_i])_M[s] = T$ for all $a \in M$ iff
$((B[\overline{m}/x_i])[\overline{a}/x_j])_M[s] = T$ for all $a \in M$.
By the induction hypothesis,
$((B[\overline{m}/x_i])[\overline{a}/x_j])_M[s] = (B[\overline{m}/x_i])_M[s[x_j := a]]$.
Hence,
$((B[\overline{m}/x_i])[\overline{a}/x_j])_M[s] = T$ for all $a \in M$ iff
$(B[\overline{m}/x_i])_M[s[x_j := a]] = T$ for all $a \in M$ iff
$((\forall x_j B)[\overline{m}/x_i])_M[s] = T$,
establishing (2).

If $x_i = x_j$, then
$s[x_j := m][x_j := a] = s[x_j := a]$ and $(\forall x_j B)[\overline{m}/x_j] = \forall x_j B$,
and so
$(\forall x_j B)_M[s[x_j := m]] = T$ iff
$B_M[s[x_j := m][x_j := a]] = T$ for all $a \in M$ iff
$B_M[s[x_j := a]] = T$ for all $a \in M$ iff
$(\forall x_j B)_M[s] = T$ iff
$((\forall x_j B)[\overline{m}/x_j])_M[s] = T$,
establishing (2).

The case in which A is of the form $\exists x_j B$ is similar to the previous case and is left as an exercise. This concludes the induction proof for (2).


We can now prove that the new definition of the truth of a quantified formula is equivalent to the old one.

Lemma 5.3.2 For any formula B, for any assignment $s \in [V \to M]$ and any variable $x_i$, the following hold:

(1) $(\forall x_i B)_M[s] = T$ iff $(B[\overline{m}/x_i])_M[s] = T$ for all $m \in M$;
(2) $(\exists x_i B)_M[s] = T$ iff $(B[\overline{m}/x_i])_M[s] = T$ for some $m \in M$.

Proof: Recall that
$(\forall x_i B)_M[s] = T$ iff $B_M[s[x_i := m]] = T$ for all $m \in M$.
By lemma 5.3.1,
$B_M[s[x_i := m]] = (B[\overline{m}/x_i])_M[s]$.
Hence,
$(\forall x_i B)_M[s] = T$ iff $(B[\overline{m}/x_i])_M[s] = T$ for all $m \in M$,
proving (1).

Also recall that
$(\exists x_i B)_M[s] = T$ iff $B_M[s[x_i := m]] = T$ for some $m \in M$.
By lemma 5.3.1,
$B_M[s[x_i := m]] = (B[\overline{m}/x_i])_M[s]$.
Hence,
$(\exists x_i B)_M[s] = T$ iff $(B[\overline{m}/x_i])_M[s] = T$ for some $m \in M$,
proving (2).

In view of lemma 5.3.2, the recursive clauses of the definition of satisfaction can also be stated more informally as follows:

$M \models (\neg A)[s]$ iff $M \not\models A[s]$,
$M \models (A \wedge B)[s]$ iff $M \models A[s]$ and $M \models B[s]$,
$M \models (A \vee B)[s]$ iff $M \models A[s]$ or $M \models B[s]$,
$M \models (A \supset B)[s]$ iff $M \not\models A[s]$ or $M \models B[s]$,
$M \models (A \equiv B)[s]$ iff ($M \models A[s]$ iff $M \models B[s]$),
$M \models (\forall x_i A)[s]$ iff $M \models (A[\overline{a}/x_i])[s]$ for every $a \in M$,
$M \models (\exists x_i A)[s]$ iff $M \models (A[\overline{a}/x_i])[s]$ for some $a \in M$.
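As an added illustration (not part of the book), the following Python code evaluates $A_M[s]$ over a finite structure. It implements both the quantifier clause of definition 5.3.6 (the modified assignment $s[x_i := m]$) and the clause of lemma 5.3.2 (substitute the new constant $\overline{m}$ of definition 5.3.8 for $x_i$ and keep s), and checks that the two agree on every assignment, as lemma 5.3.2 asserts. It also decides validity and satisfiability in the sense of definition 5.3.7 for the first two Peano axioms of example 5.3.2 on two small constructed structures, one of them the one-element structure mentioned there, and for instance (8) of lemma 5.3.6 below. The tuple encoding of terms and formulae, the dictionary encoding of structures and the two structures themselves are assumptions of this example.

```python
from itertools import product

# Encoding used by this example (an assumption, not the book's notation):
#   terms:    ('var', 'x') | ('const', 'c') | ('elem', m) | ('fn', 'f', (t1, ...))
#   formulae: ('pred', 'P', (t1, ...)) | ('eq', t1, t2) | ('bot',) | ('not', A)
#             | ('and', A, B) | ('or', A, B) | ('imp', A, B) | ('iff', A, B)
#             | ('forall', 'x', A) | ('exists', 'x', A)
# ('elem', m) plays the role of the new constant m-bar of definition 5.3.8.
# A structure M is a dict with keys 'domain' (list), 'consts', 'funcs', 'preds'.
BIN, QUANT = ('and', 'or', 'imp', 'iff'), ('forall', 'exists')

def eval_term(t, M, s):
    """t_M[s]: value of the term t in M under the assignment s (dict variable -> element)."""
    if t[0] == 'var':   return s[t[1]]
    if t[0] == 'const': return M['consts'][t[1]]
    if t[0] == 'elem':  return t[1]                      # I(m-bar) = m
    return M['funcs'][t[1]](*[eval_term(a, M, s) for a in t[2]])

def subst_term(t, x, r):
    """t[r/x]."""
    if t[0] == 'var': return r if t[1] == x else t
    if t[0] == 'fn':  return ('fn', t[1], tuple(subst_term(a, x, r) for a in t[2]))
    return t

def subst(A, x, r):
    """A[r/x] for a closed term r (a closed term is always free for x)."""
    k = A[0]
    if k == 'pred': return ('pred', A[1], tuple(subst_term(a, x, r) for a in A[2]))
    if k == 'eq':   return ('eq', subst_term(A[1], x, r), subst_term(A[2], x, r))
    if k == 'not':  return ('not', subst(A[1], x, r))
    if k in BIN:    return (k, subst(A[1], x, r), subst(A[2], x, r))
    if k in QUANT:  return A if A[1] == x else (k, A[1], subst(A[2], x, r))  # bound x: stop
    return A                                                                # 'bot'

def holds(A, M, s, by_subst=False):
    """A_M[s] = T?  by_subst=False: quantifier clause of definition 5.3.6 (modified assignment
    s[x := m]); by_subst=True: clause of lemma 5.3.2 (substitute m-bar for x, keep s)."""
    ev = lambda B, s2=s: holds(B, M, s2, by_subst)
    k = A[0]
    if k == 'pred': return bool(M['preds'][A[1]](*[eval_term(a, M, s) for a in A[2]]))
    if k == 'eq':   return eval_term(A[1], M, s) == eval_term(A[2], M, s)
    if k == 'bot':  return False
    if k == 'not':  return not ev(A[1])
    if k in BIN:
        a, b = ev(A[1]), ev(A[2])
        return {'and': a and b, 'or': a or b, 'imp': (not a) or b, 'iff': a == b}[k]
    x, B = A[1], A[2]
    if by_subst:
        values = (ev(subst(B, x, ('elem', m))) for m in M['domain'])
    else:
        values = (ev(B, {**s, x: m}) for m in M['domain'])
    return all(values) if k == 'forall' else any(values)

def term_vars(t):
    if t[0] == 'var': return {t[1]}
    return set().union(*(term_vars(a) for a in t[2])) if t[0] == 'fn' else set()

def free_vars(A):
    """FV(A)."""
    k = A[0]
    if k == 'pred': return set().union(*(term_vars(a) for a in A[2]))
    if k == 'eq':   return term_vars(A[1]) | term_vars(A[2])
    if k == 'not':  return free_vars(A[1])
    if k in BIN:    return free_vars(A[1]) | free_vars(A[2])
    if k in QUANT:  return free_vars(A[2]) - {A[1]}
    return set()

def assignments(A, M):
    """All assignments restricted to FV(A); by lemma 5.3.3 the other variables do not matter."""
    fv = sorted(free_vars(A))
    for vals in product(M['domain'], repeat=len(fv)):
        yield dict(zip(fv, vals))

def valid_in(A, M):          # M |= A, definition 5.3.7 (iii)
    return all(holds(A, M, s) for s in assignments(A, M))

def satisfiable_in(A, M):    # some s with M |= A[s], definition 5.3.7 (ii)
    return any(holds(A, M, s) for s in assignments(A, M))

def semantics_agree(A, M):   # lemma 5.3.2, checked exhaustively on a finite M
    return all(holds(A, M, s) == holds(A, M, s, True) for s in assignments(A, M))

# Constructed structures for the symbols 0 and S of example 5.3.1 plus a unary P (assumptions).
ONE_POINT = {'domain': [0], 'consts': {'0': 0}, 'funcs': {'S': lambda n: 0}, 'preds': {}}
CUT_AT_2 = {'domain': [0, 1, 2], 'consts': {'0': 0},
            'funcs': {'S': lambda n: min(n + 1, 2)}, 'preds': {'P': lambda n: n % 2 == 0}}

def S(t): return ('fn', 'S', (t,))
X, Y, ZERO = ('var', 'x'), ('var', 'y'), ('const', '0')
PA1 = ('forall', 'x', ('not', ('eq', S(X), ZERO)))                                # 1st Peano axiom
PA2 = ('forall', 'x', ('forall', 'y', ('imp', ('eq', S(X), S(Y)), ('eq', X, Y))))  # 2nd Peano axiom
IS_SUCC = ('exists', 'y', ('eq', S(Y), X))                                       # x free
DEMORGAN = ('iff', ('not', ('forall', 'x', ('pred', 'P', (X,)))),                # lemma 5.3.6 (8)
            ('exists', 'x', ('not', ('pred', 'P', (X,)))))

if __name__ == '__main__':
    print(valid_in(PA1, ONE_POINT), valid_in(PA1, CUT_AT_2), valid_in(PA2, CUT_AT_2))
    print(satisfiable_in(IS_SUCC, CUT_AT_2), valid_in(IS_SUCC, CUT_AT_2))
    print(valid_in(DEMORGAN, CUT_AT_2),
          all(semantics_agree(F, CUT_AT_2) for F in (PA1, PA2, IS_SUCC, DEMORGAN)))
```

The first Peano axiom fails in the one-element structure (there $S(0) = 0$) and holds in the three-element structure, where the second axiom fails instead (since $S(1) = S(2)$). The formula with x free is satisfiable but not valid in the three-element structure, and on every formula the two quantifier clauses return the same value, which is lemma 5.3.2 restricted to a finite domain.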


5.3.5 Free Variables and Semantics of Formulae

If A is a formula and the set FV(A) of variables free in A is $\{y_1, \ldots, y_n\}$, for every assignment s, the truth value $A_M[s]$ only depends on the restriction of s to $\{y_1, \ldots, y_n\}$. The following lemma makes the above statement precise.

Lemma 5.3.3 Given a formula A with set of free variables $\{y_1, \ldots, y_n\}$, for any two assignments $s_1, s_2$ such that $s_1(y_i) = s_2(y_i)$ for $1 \le i \le n$,

$A_M[s_1] = A_M[s_2]$.

Proof: The lemma is proved using the induction principle for terms and formulae. First, let t be a term, and assume that $s_1$ and $s_2$ agree on FV(t).

If t = c (a constant), then
$t_M[s_1] = c_M = t_M[s_2]$.

If t = y (a variable), then
$t_M[s_1] = s_1(y) = s_2(y) = t_M[s_2]$,
since $FV(t) = \{y\}$ and $s_1$ and $s_2$ agree on FV(t).

If $t = f t_1 \ldots t_n$, then
$t_M[s_1] = f_M((t_1)_M[s_1], \ldots, (t_n)_M[s_1])$.
Since every $FV(t_i)$ is a subset of FV(t), $1 \le i \le n$, and $s_1$ and $s_2$ agree on FV(t), by the induction hypothesis,
$(t_i)_M[s_1] = (t_i)_M[s_2]$,
170 5/First-Order Logic 


for all i, $1 \le i \le n$. Hence,
$t_M[s_1] = f_M((t_1)_M[s_1], \ldots, (t_n)_M[s_1])$
$= f_M((t_1)_M[s_2], \ldots, (t_n)_M[s_2]) = t_M[s_2]$.

Now, let A be a formula, and assume that $s_1$ and $s_2$ agree on FV(A).

If $A = P t_1 \ldots t_n$, since $FV(t_i)$ is a subset of FV(A) and $s_1$ and $s_2$ agree on FV(A), we have
$(t_i)_M[s_1] = (t_i)_M[s_2]$,
$1 \le i \le n$. But then, we have
$A_M[s_1] = P_M((t_1)_M[s_1], \ldots, (t_n)_M[s_1]) = P_M((t_1)_M[s_2], \ldots, (t_n)_M[s_2]) = A_M[s_2]$.

If $A = \doteq t_1 t_2$, since $FV(t_1)$ and $FV(t_2)$ are subsets of FV(A) and $s_1$ and $s_2$ agree on FV(A),
$(t_1)_M[s_1] = (t_1)_M[s_2]$ and $(t_2)_M[s_1] = (t_2)_M[s_2]$,
and so
$A_M[s_1] = A_M[s_2]$.

The cases in which A is of the form $(B \vee C)$, or $(B \wedge C)$, or $(B \supset C)$, or $(B \equiv C)$, or $\neg B$ are easily handled by induction as in lemma 3.3.1 (or 5.3.1), and the details are left as an exercise. Finally, we treat the case in which A is of the form $\forall x B$ (the case $\exists x B$ is similar).

If $A = \forall x B$, then $FV(A) = FV(B) - \{x\}$. First, recall the following property shown in problem 5.2.4: For every constant c,
$FV(B[c/x]) = FV(B) - \{x\}$.
Recall that from lemma 5.3.2,
$A_M[s_1] = T$ iff $(B[\overline{a}/x])_M[s_1] = T$ for every $a \in M$.
Since $s_1$ and $s_2$ agree on $FV(A) = FV(B) - \{x\}$ and $FV(B[\overline{a}/x]) = FV(B) - \{x\}$, by the induction hypothesis,
$(B[\overline{a}/x])_M[s_1] = (B[\overline{a}/x])_M[s_2]$ for every $a \in M$.
This shows that
$(B[\overline{a}/x])_M[s_1] = T$ for every $a \in M$ iff $(B[\overline{a}/x])_M[s_2] = T$ for every $a \in M$,
that is,
$A_M[s_1] = A_M[s_2]$.

As a consequence, if A is a sentence (that is, $FV(A) = \emptyset$) the truth value of A in M is the same for all assignments. Hence for a sentence A, for every structure M,

either $M \models A$ or $M \models \neg A$.
5.3.6 Subformulae and Rectified Formulae

In preparation for the next section in which we present a Gentzen system that is sound and complete with respect to the semantics, we need the following definitions and lemmas.

Definition 5.3.9 Given a formula A, a formula X is a subformula of A if either:

(i) $A = P t_1 \ldots t_n$ and X = A, or
(ii) $A = \doteq t_1 t_2$ and X = A, or
(iii) $A = \bot$ and X = A, or
(iv) $A = (B * C)$ and X = A, or X is a subformula of B, or X is a subformula of C, where $* \in \{\wedge, \vee, \supset, \equiv\}$, or
(v) $A = \neg B$ and X = A, or X is a subformula of B, or
(vi) $A = \forall x B$ and X = A, or X is a subformula of $B[t/x]$ for any term t free for x in B, or
(vii) $A = \exists x B$ and X = A, or X is a subformula of $B[t/x]$ for any term t free for x in B.

Definition 5.3.10 A quantifier $\forall$ (or $\exists$) binds an occurrence of a variable x in A iff A contains a subformula of the form $\forall x B$ (or $\exists x B$).

A formula A is rectified if
(i) FV(A) and BV(A) are disjoint and
(ii) Distinct quantifiers in A bind occurrences of distinct variables.

The following lemma for renaming variables apart will be needed later.

Lemma 5.3.4 (i) For every formula A,

$\models \forall x A \equiv \forall y A[y/x]$

and

$\models \exists x A \equiv \exists y A[y/x]$,

for every variable y free for x in A and not in $FV(A) - \{x\}$.

(ii) There is an algorithm such that, for any input formula A, the algorithm produces a rectified formula A' such that

$\models A \equiv A'$

(that is, A' is semantically equivalent to A).
Proof: We prove (i), leaving (ii) as an exercise. First, we show that for every term t and every term r,

$t[r/x] = t[y/x][r/y]$, if y is not in $FV(t) - \{x\}$.

The proof is by induction on the structure of terms and it is left as an exercise. Now, let A be a formula, M be a structure, s an assignment, and a any element in M. We show that

$(A[\overline{a}/x])_M[s] = (A[y/x][\overline{a}/y])_M[s]$,

provided that y is free for x in A, and that $y \notin FV(A) - \{x\}$.

This proof is by induction on formulae. We only treat the case of quantifiers, leaving the other cases as an exercise. We consider the case $A = \forall z B$, the case $\exists z B$ being similar. Recall that the following property was shown in problem 5.2.5:

If y is not in FV(A), then $A[t/y] = A$ for every term t. Also recall that

$FV(A) = FV(B) - \{z\}$.

If $z = x$, since $y \notin FV(A) - \{x\} = FV(A) - \{z\}$ and z is not free in A, we know that x and y are not free in A, and

$A[\overline{a}/x] = A$, $A[y/x] = A$, and $A[\overline{a}/y] = A$.

If $z \neq x$, then
$A[\overline{a}/x] = \forall z B[\overline{a}/x]$.

Since y is free for x in A, we know that $y \neq z$, y is free for x in B, and
$A[y/x][\overline{a}/y] = \forall z B[y/x][\overline{a}/y]$
(a constant is always free for a substitution). Furthermore, since $y \notin FV(A) - \{x\}$, $FV(A) = FV(B) - \{z\}$ and $z \neq y$, we have $y \notin FV(B) - \{x\}$. By the induction hypothesis,

$(B[\overline{a}/x])_M[s] = (B[y/x][\overline{a}/y])_M[s]$ for every $a \in M$,

which proves that
$(A[\overline{a}/x])_M[s] = (A[y/x][\overline{a}/y])_M[s]$ for every $a \in M$.

(ii) This is proved using the induction principle for formulae and repeated applications of (i).


EXAMPLE 5.3.3

Let
$A = (\forall x (Rxy \supset Px) \wedge \forall y (\neg Rxy \wedge \forall x Px))$.

A rectified formula equivalent to A is

$B = (\forall u (Ruy \supset Pu) \wedge \forall v (\neg Rxv \wedge \forall z Pz))$.

From now on, we will assume that we are dealing with rectified formulae.
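The renaming of lemma 5.3.4 and example 5.3.3 can be carried out mechanically. The Python code below is an added example (not from the book) of the rectification algorithm whose existence lemma 5.3.4(ii) asserts: it walks the formula and gives each quantifier a variable that occurs nowhere in the input, so each renaming is an instance of lemma 5.3.4(i) (the new variable is free for the old one and not free in the formula), and it checks the two conditions of definition 5.3.10. The tuple encoding of formulae and the source of fresh names are assumptions of this example; with the names u, v, z it reproduces the formula B of example 5.3.3.

```python
# Encoding (an assumption of this example): terms ('var', 'x') | ('const', 'c') | ('fn', 'f', (t, ...));
# formulae ('pred', 'P', (t, ...)) | ('eq', t1, t2) | ('bot',) | ('not', A)
#          | ('and'|'or'|'imp'|'iff', A, B) | ('forall'|'exists', 'x', A).
BIN, QUANT = ('and', 'or', 'imp', 'iff'), ('forall', 'exists')

def term_vars(t):
    if t[0] == 'var': return {t[1]}
    return set().union(*(term_vars(a) for a in t[2])) if t[0] == 'fn' else set()

def free_vars(A):
    """FV(A)."""
    k = A[0]
    if k == 'pred': return set().union(*(term_vars(a) for a in A[2]))
    if k == 'eq':   return term_vars(A[1]) | term_vars(A[2])
    if k == 'not':  return free_vars(A[1])
    if k in BIN:    return free_vars(A[1]) | free_vars(A[2])
    if k in QUANT:  return free_vars(A[2]) - {A[1]}
    return set()

def binders(A):
    """The variable bound by each quantifier occurrence of A, in order (BV(A) as a list)."""
    k = A[0]
    if k == 'not':  return binders(A[1])
    if k in BIN:    return binders(A[1]) + binders(A[2])
    if k in QUANT:  return [A[1]] + binders(A[2])
    return []

def all_vars(A):
    return free_vars(A) | set(binders(A))

def rename_term(t, x, y):
    if t[0] == 'var': return ('var', y) if t[1] == x else t
    if t[0] == 'fn':  return ('fn', t[1], tuple(rename_term(a, x, y) for a in t[2]))
    return t

def rename(A, x, y):
    """A[y/x] for variables x, y: replace the free occurrences of x by y.
    Correct only when y is free for x in A, which holds whenever y occurs nowhere in A."""
    k = A[0]
    if k == 'pred': return ('pred', A[1], tuple(rename_term(a, x, y) for a in A[2]))
    if k == 'eq':   return ('eq', rename_term(A[1], x, y), rename_term(A[2], x, y))
    if k == 'not':  return ('not', rename(A[1], x, y))
    if k in BIN:    return (k, rename(A[1], x, y), rename(A[2], x, y))
    if k in QUANT:  return A if A[1] == x else (k, A[1], rename(A[2], x, y))
    return A

def is_rectified(A):
    """Definition 5.3.10: FV(A) and BV(A) disjoint, and distinct quantifiers bind distinct variables."""
    bv = binders(A)
    return not (free_vars(A) & set(bv)) and len(bv) == len(set(bv))

def rectify(A, fresh):
    """Lemma 5.3.4(ii): every quantifier gets its own new variable.
    fresh is an iterator of names none of which occurs in A."""
    k = A[0]
    if k == 'not': return ('not', rectify(A[1], fresh))
    if k in BIN:   return (k, rectify(A[1], fresh), rectify(A[2], fresh))
    if k in QUANT:
        y = next(fresh)          # y is free for A[1] in A[2] and not in FV(A[2]): lemma 5.3.4(i) applies
        return (k, y, rectify(rename(A[2], A[1], y), fresh))
    return A

def fresh_names(A, candidates='uvzwabcdefghijklmnopqrst'):
    """Yield candidate names that do not occur in A, then numbered fallbacks."""
    used = all_vars(A)
    for c in candidates:
        if c not in used: yield c
    i = 0
    while True:
        i += 1
        if 'x%d' % i not in used: yield 'x%d' % i

# Example 5.3.3 of the book: A = (forall x (Rxy imp Px) and forall y (not Rxy and forall x Px)).
def R(a, b): return ('pred', 'R', (('var', a), ('var', b)))
def P(a):    return ('pred', 'P', (('var', a),))
A = ('and', ('forall', 'x', ('imp', R('x', 'y'), P('x'))),
            ('forall', 'y', ('and', ('not', R('x', 'y')), ('forall', 'x', P('x')))))
B = ('and', ('forall', 'u', ('imp', R('u', 'y'), P('u'))),
            ('forall', 'v', ('and', ('not', R('x', 'v')), ('forall', 'z', P('z')))))

if __name__ == '__main__':
    print(is_rectified(A), is_rectified(B))        # False True
    print(rectify(A, fresh_names(A)) == B)         # True
```

The free variables of the output are those of the input (x and y in the example), which is what lemma 5.3.4(i) guarantees for each individual renaming; the only thing the algorithm has to get right is that a name is never reused, which the single shared iterator enforces.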


5.3.7 Valid Formulae Obtained by Substitution in Tautologies

As in propositional logic we will be particularly interested in those formulae that are valid. An easy way to generate valid formulae is to substitute formulae for the propositional symbols in a propositional formula.

Definition 5.3.11 Let L be a first-order language. Let $PS_0$ be the subset of PS consisting of all predicate symbols of rank 0 (the propositional letters). Consider the set $PROP_L$ of all L-formulae obtained as follows: $PROP_L$ consists of all L-formulae A such that for some tautology B and some substitution

$\sigma : PS_0 \to FORM_L$,

assigning an arbitrary formula to each propositional letter in $PS_0$,

$A = \hat{\sigma}(B)$,

the result of performing the substitution $\sigma$ on B.

EXAMPLE 5.3.4

Let
$B = (P \equiv Q) \equiv ((P \supset Q) \wedge (Q \supset P))$.
If $\sigma(P) = \forall x C$ and $\sigma(Q) = \exists y (C \wedge D)$, then

$A = (\forall x C \equiv \exists y (C \wedge D)) \equiv ((\forall x C \supset \exists y (C \wedge D)) \wedge (\exists y (C \wedge D) \supset \forall x C))$

is of the above form.

However, note that not all L-formulae can be obtained by substituting formulae for propositional letters in tautologies. For example, the formulae $\forall x C$ and $\exists y (C \wedge D)$ cannot be obtained in this fashion.

The main property of the formulae in $PROP_L$ is that they are valid. Note that not all valid formulae can be obtained in this fashion. For example, we will prove shortly that the formula $\neg \forall x A \equiv \exists x \neg A$ is valid.

Lemma 5.3.5 Let A be a formula obtained by substitution into a tautology as explained in definition 5.3.11. Then A is valid.


Proof: Let $\sigma : PS_0 \to FORM_L$ be the substitution and B the proposition such that $\hat{\sigma}(B) = A$. First, we prove by induction on propositions B that for every L-structure M and every assignment s, if v is the valuation defined such that for every propositional letter P,

$v(P) = (\sigma(P))_M[s]$,

then

$\hat{v}(B) = (\hat{\sigma}(B))_M[s]$.

The base case B = P is obvious by definition of v. If B is of the form $(C * D)$ with $* \in \{\vee, \wedge, \supset, \equiv\}$, we have

$\hat{v}((C * D)) = H_*(\hat{v}(C), \hat{v}(D))$,
$\hat{\sigma}((C * D)) = (\hat{\sigma}(C) * \hat{\sigma}(D))$,
$(\hat{\sigma}((C * D)))_M[s] = (\hat{\sigma}(C) * \hat{\sigma}(D))_M[s] = H_*((\hat{\sigma}(C))_M[s], (\hat{\sigma}(D))_M[s])$.

By the induction hypothesis,

$\hat{v}(C) = (\hat{\sigma}(C))_M[s]$ and $\hat{v}(D) = (\hat{\sigma}(D))_M[s]$.

Hence,

$\hat{v}((C * D)) = H_*(\hat{v}(C), \hat{v}(D)) = H_*((\hat{\sigma}(C))_M[s], (\hat{\sigma}(D))_M[s]) = (\hat{\sigma}((C * D)))_M[s]$,

as desired.

If B is of the form $\neg C$, then we have

$\hat{v}(\neg C) = H_\neg(\hat{v}(C))$, $\hat{\sigma}(\neg C) = \neg \hat{\sigma}(C)$,
$(\hat{\sigma}(\neg C))_M[s] = (\neg \hat{\sigma}(C))_M[s] = H_\neg((\hat{\sigma}(C))_M[s])$.

By the induction hypothesis,

$\hat{v}(C) = (\hat{\sigma}(C))_M[s]$.

Hence,

$\hat{v}(\neg C) = H_\neg(\hat{v}(C)) = H_\neg((\hat{\sigma}(C))_M[s]) = (\hat{\sigma}(\neg C))_M[s]$,

as desired. This completes the induction proof. To conclude the lemma, observe that if B is a tautology, then for every valuation v,

$\hat{v}(B) = T$.

Hence, by the above property, for every structure M and every assignment s, there is a valuation v such that $\hat{v}(B) = (\hat{\sigma}(B))_M[s] = A_M[s]$, and so $A_M[s] = T$.
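Lemma 5.3.5 gives a cheap sufficient test for validity: abstract the atomic and quantified subformulae of A as propositional letters and check whether the resulting proposition is a tautology. The Python code below is an added example (not from the book) of that test. It computes the propositional skeleton B together with the substitution $\sigma$ such that $\hat{\sigma}(B) = A$ (equal subformulae get the same letter, since $\sigma$ is a function on $PS_0$), decides B by truth table, and applies the test to the formula A of example 5.3.4 and to $\neg \forall x C \equiv \exists x \neg C$, which is valid but, as the text notes, not in $PROP_L$. The tuple encoding of formulae and the choice of atomic C and D are assumptions of this example.

```python
from itertools import product

# Encoding (an assumption of this example): atomic formulae are ('pred', 'P', (terms...)) or
# ('eq', t1, t2); connectives are ('not', A) and ('and'|'or'|'imp'|'iff', A, B); quantified
# formulae are ('forall'|'exists', 'x', A); terms are ('var', 'x'), ('const', 'c'), ('fn', 'f', (...)).
BIN = ('and', 'or', 'imp', 'iff')

def skeleton(A, table):
    """Return the proposition B with sigma-hat(B) = A: every maximal atomic or quantified
    subformula is replaced by a propositional letter. table maps subformula -> letter, so two
    occurrences of the same subformula get the same letter."""
    k = A[0]
    if k == 'bot': return A
    if k == 'not': return ('not', skeleton(A[1], table))
    if k in BIN:   return (k, skeleton(A[1], table), skeleton(A[2], table))
    letter = table.setdefault(A, 'P%d' % len(table))      # atomic or quantified: opaque
    return ('letter', letter)

def prop_value(B, v):
    """v-hat(B): truth value of the proposition B under the valuation v (dict letter -> bool)."""
    k = B[0]
    if k == 'letter': return v[B[1]]
    if k == 'bot':    return False
    if k == 'not':    return not prop_value(B[1], v)
    a, b = prop_value(B[1], v), prop_value(B[2], v)
    return {'and': a and b, 'or': a or b, 'imp': (not a) or b, 'iff': a == b}[k]

def is_tautology(B, letters):
    return all(prop_value(B, dict(zip(letters, bits)))
               for bits in product((False, True), repeat=len(letters)))

def abstract(A):
    """Return (B, sigma): the skeleton B and the substitution sigma as a dict letter -> formula."""
    table = {}
    B = skeleton(A, table)
    return B, {letter: sub for sub, letter in table.items()}

def in_prop_l(A):
    """True iff A is obtained from a tautology by substitution (definition 5.3.11);
    A is then valid by lemma 5.3.5. False says nothing about validity."""
    B, sigma = abstract(A)
    return is_tautology(B, list(sigma))

# Constructed formulae: C and D are atomic here, but any formulae would do.
C = ('pred', 'C', (('var', 'x'),))
D = ('pred', 'D', (('var', 'y'),))
FORALL_C = ('forall', 'x', C)
EXISTS_CD = ('exists', 'y', ('and', C, D))
# Example 5.3.4: (forall x C iff exists y (C and D)) iff ((forall x C imp exists y (C and D))
#                                                        and (exists y (C and D) imp forall x C))
A_EX = ('iff', ('iff', FORALL_C, EXISTS_CD),
        ('and', ('imp', FORALL_C, EXISTS_CD), ('imp', EXISTS_CD, FORALL_C)))
# not forall x C iff exists x not C: valid (lemma 5.3.6 (8)), yet not a substitution instance of a tautology
A_DM = ('iff', ('not', FORALL_C), ('exists', 'x', ('not', C)))

if __name__ == '__main__':
    B, sigma = abstract(A_EX)
    print(B, sigma)                                                  # P0 = forall x C, P1 = exists y (C and D)
    print(in_prop_l(A_EX), in_prop_l(A_DM), in_prop_l(FORALL_C))    # True False False
```

The skeleton of the De Morgan formula is $\neg P_0 \equiv P_1$, which is falsified by $v(P_0) = v(P_1) = T$, so the test rejects it even though the formula is valid; this is exactly the gap between $PROP_L$ and the valid formulae that the text points out.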


5.3.8 Complete Sets of Connectives

As in the propositional case, the logical connectives are not independent. The following lemma shows how they are related.

Lemma 5.3.6 The following formulae are valid for all formulae A, B.

(1) $(A \equiv B) \equiv ((A \supset B) \wedge (B \supset A))$
(2) $(A \supset B) \equiv (\neg A \vee B)$
(3) $(A \vee B) \equiv (\neg A \supset B)$
(4) $(A \vee B) \equiv \neg(\neg A \wedge \neg B)$
(5) $(A \wedge B) \equiv \neg(\neg A \vee \neg B)$
(6) $\neg A \equiv (A \supset \bot)$
(7) $\bot \equiv (A \wedge \neg A)$
(8) $\neg \forall x A \equiv \exists x \neg A$
(9) $\neg \exists x A \equiv \forall x \neg A$
(10) $\forall x A \equiv \neg \exists x \neg A$
(11) $\exists x A \equiv \neg \forall x \neg A$

Proof: The validity of (1) to (7) follows from lemma 5.3.5, since these formulae are obtained by substitution in tautologies. To prove (8), recall that for any formula B,

$(\forall x B)_M[s] = T$ iff $B_M[s[x := m]] = T$ for all $m \in M$,

and

$(\exists x B)_M[s] = T$ iff $B_M[s[x := m]] = T$ for some $m \in M$.

Furthermore,
$(\neg B)_M[s] = T$ iff $B_M[s] = F$.

Hence,

$(\neg \forall x A)_M[s] = T$ iff
$(\forall x A)_M[s] = F$ iff
$A_M[s[x := m]] = F$ for some $m \in M$ iff
$(\neg A)_M[s[x := m]] = T$ for some $m \in M$ iff
$(\exists x \neg A)_M[s] = T$.

The proof of (9) is similar.

To prove (11), observe that

$(\neg \forall x \neg A)_M[s] = T$ iff
$(\forall x \neg A)_M[s] = F$ iff
$(\neg A)_M[s[x := m]] = F$ for some $m \in M$ iff
$A_M[s[x := m]] = T$ for some $m \in M$ iff
$(\exists x A)_M[s] = T$.

The proof of (10) is similar.

The above lemma shows that, as in the propositional case, we can restrict our attention to any functionally complete set of connectives. But it also shows that we can either dispense with $\exists$ or with $\forall$, taking $\exists x A$ as an abbreviation for $\neg \forall x \neg A$, or $\forall x A$ as an abbreviation for $\neg \exists x \neg A$.

In the rest of this text, we shall use mostly the set $\{\wedge, \vee, \neg, \supset, \forall, \exists\}$ even though it is not minimal, because it is particularly convenient and natural. Hence, $(A \equiv B)$ will be viewed as an abbreviation for $((A \supset B) \wedge (B \supset A))$ and $\bot$ as an abbreviation for $(P \wedge \neg P)$.


5.3.9 Logical Equivalence and Boolean Algebras

As in the propositional case, we can also define the notion of logical equivalence for formulae.

Definition 5.3.12 The relation $\simeq$ on $FORM_L$ is defined so that for any two formulae A and B,

$A \simeq B$ if and only if $\models (A \equiv B)$.

We say that A and B are logically equivalent, or for short, equivalent.

It is immediate to show that $\simeq$ is an equivalence relation. The following additional properties show that it is a congruence in the sense of Subsection 2.4.6 (in the Appendix).

Lemma 5.3.7 For all formulae A, A', B, B', the following properties hold: If $A \simeq A'$ and $B \simeq B'$ then, for $* \in \{\wedge, \vee, \supset, \equiv\}$,

$(A * B) \simeq (A' * B')$,
$\neg A \simeq \neg A'$,
$\forall x A \simeq \forall x A'$ and
$\exists x A \simeq \exists x A'$.

Proof: First, we note that a formula $(A \equiv B)$ is valid iff for every structure M and every assignment s,

$A_M[s] = B_M[s]$.

Then, the proof is similar to the proof of the propositional case (lemma 3.3.5) for formulae of the form $(A * B)$ or $\neg A$.

Since
$(\forall x A)_M[s] = T$ iff $A_M[s[x := m]] = T$ for all $m \in M$,
and $A \simeq A'$ implies that
$A_M[s] = A'_M[s]$ for all M and s,
then

$A_M[s[x := m]] = T$ for all $m \in M$ iff
$A'_M[s[x := m]] = T$ for all $m \in M$ iff
$(\forall x A')_M[s] = T$.

Hence $\forall x A$ and $\forall x A'$ are equivalent. The proof that if $A \simeq A'$ then $\exists x A \simeq \exists x A'$ is similar.

In the rest of this section, it is assumed that the constant symbol $\top$ is added to the alphabet of definition 5.2.1, and that $\top$ is interpreted as T. By lemma 5.3.5 and lemma 3.3.6, the following identities hold.

Lemma 5.3.8 The following identities hold.

Associativity rules:
$((A \vee B) \vee C) \simeq (A \vee (B \vee C))$    $((A \wedge B) \wedge C) \simeq (A \wedge (B \wedge C))$
Commutativity rules:
$(A \vee B) \simeq (B \vee A)$    $(A \wedge B) \simeq (B \wedge A)$
Distributivity rules:
$(A \vee (B \wedge C)) \simeq ((A \vee B) \wedge (A \vee C))$
$(A \wedge (B \vee C)) \simeq ((A \wedge B) \vee (A \wedge C))$
De Morgan's rules:
$\neg(A \vee B) \simeq (\neg A \wedge \neg B)$    $\neg(A \wedge B) \simeq (\neg A \vee \neg B)$
Idempotency rules:
$(A \vee A) \simeq A$    $(A \wedge A) \simeq A$
Double negation rule:
$\neg\neg A \simeq A$
Absorption rules:
$(A \vee (A \wedge B)) \simeq A$    $(A \wedge (A \vee B)) \simeq A$
Laws of zero and one:
$(A \vee \bot) \simeq A$    $(A \wedge \bot) \simeq \bot$
$(A \vee \top) \simeq \top$    $(A \wedge \top) \simeq A$
$(A \vee \neg A) \simeq \top$    $(A \wedge \neg A) \simeq \bot$

Let us denote the equivalence class of a formula A modulo $\simeq$ as [A], and the set of all such equivalence classes as $B_L$. As in Chapter 3, we define the operations $+$, $*$ and $\overline{\phantom{A}}$ on $B_L$ as follows:

$[A] + [B] = [A \vee B]$,
$[A] * [B] = [A \wedge B]$,
$\overline{[A]} = [\neg A]$.

Also, let $0 = [\bot]$ and $1 = [\top]$.

By lemma 5.3.7, the above functions (and constants) are independent of the choice of representatives in the equivalence classes, and the properties of lemma 5.3.8 are identities valid on the set $B_L$ of equivalence classes modulo $\simeq$. The structure $B_L$ is a boolean algebra called the Lindenbaum algebra of L. This algebra is important for studying algebraic properties of formulae. Some of these properties will be investigated in the problems of the next section.

Remark: Note that properties of the quantifiers and of equality are not captured in the axioms of a boolean algebra. There is a generalization of the notion of a boolean algebra, the cylindric algebra, due to Tarski. Cylindric algebras have axioms for the existential quantifier and for equality. However, this topic is beyond the scope of this text. The interested reader is referred to Henkin, Monk, and Tarski, 1971.


PROBLEMS

5.3.1. Prove that the following formulae are valid:
$\forall x A \supset A[t/x]$,    $A[t/x] \supset \exists x A$,
where t is free for x in A.

5.3.2. Let x, y be any distinct variables. Let A be any formula, C any formula not containing the variable x free, and let E be any formula such that x is free for y in E. Prove that the following formulae are valid:
$\forall x C \equiv C$    $\exists x C \equiv C$
$\forall x \forall y A \equiv \forall y \forall x A$    $\exists x \exists y A \equiv \exists y \exists x A$
$\forall x \forall y E \supset \forall x E[x/y]$    $\exists x E[x/y] \supset \exists x \exists y E$
$\forall x A \supset \exists x A$
$\exists x \forall y A \supset \forall y \exists x A$

5.3.3. Let A, B be any formulae, and C any formula not containing the variable x free. Prove that the following formulae are valid:
$\neg \exists x A \equiv \forall x \neg A$    $\neg \forall x A \equiv \exists x \neg A$
$\exists x A \equiv \neg \forall x \neg A$    $\forall x A \equiv \neg \exists x \neg A$
$\forall x A \wedge \forall x B \equiv \forall x (A \wedge B)$    $\exists x A \vee \exists x B \equiv \exists x (A \vee B)$
$C \wedge \forall x A \equiv \forall x (C \wedge A)$    $C \vee \exists x A \equiv \exists x (C \vee A)$
$C \wedge \exists x A \equiv \exists x (C \wedge A)$    $C \vee \forall x A \equiv \forall x (C \vee A)$
$\exists x (A \wedge B) \supset \exists x A \wedge \exists x B$    $\forall x A \vee \forall x B \supset \forall x (A \vee B)$

5.3.4. Let A, B be any formulae, and C any formula not containing the variable x free. Prove that the following formulae are valid:
$(C \supset \forall x A) \equiv \forall x (C \supset A)$    $(C \supset \exists x A) \equiv \exists x (C \supset A)$
$(\forall x A \supset C) \equiv \exists x (A \supset C)$    $(\exists x A \supset C) \equiv \forall x (A \supset C)$
$(\forall x A \supset \exists x B) \equiv \exists x (A \supset B)$
$(\exists x A \supset \forall x B) \supset \forall x (A \supset B)$

5.3.5. Prove that the following formulae are not valid:
$A[t/x] \supset \forall x A$,    $\exists x A \supset A[t/x]$,
where t is free for x in A.

5.3.6. Show that the following formulae are not valid:
$\exists x A \supset \forall x A$
$\forall y \exists x A \supset \exists x \forall y A$
$\exists x A \wedge \exists x B \supset \exists x (A \wedge B)$
$\forall x (A \vee B) \supset \forall x A \vee \forall x B$

5.3.7. Prove that the formulae of problem 5.3.4 are not necessarily valid if x is free in C.

5.3.8. Let A be any formula and B any formula in which the variable x does not occur free.

(a) Prove that
if $\models (B \supset A)$, then $\models (B \supset \forall x A)$,
and
if $\models (A \supset B)$, then $\models (\exists x A \supset B)$.

(b) Prove that the above may be false if x is free in B.

5.3.9. Let L be a first-order language, and M be an L-structure. For any formulae A, B, prove that:

(a) $M \models A \supset B$ implies that ($M \models A$ implies $M \models B$), but not vice versa.

(b) $\models A \supset B$ implies that ($\models A$ implies $\models B$), but not vice versa.

5.3.10. Given a formula A with set of free variables $FV(A) = \{x_1, \ldots, x_n\}$, the universal closure A' of A is the sentence $\forall x_1 \ldots \forall x_n A$. Prove that A is valid iff $\forall x_1 \ldots \forall x_n A$ is valid.

5.3.11. Let L be a first-order language, $\Gamma$ a set of formulae, and B some formula. Let $\Gamma'$ be the set of universal closures of formulae in $\Gamma$. Prove that
$\Gamma \models B$ implies that $\Gamma' \models B$,
but not vice versa.

5.3.12. Let L be the first-order language with equality consisting of one unary function symbol f. Write formulae asserting that for every L-structure M:
(a) f is injective
(b) f is surjective
(c) f is bijective

5.3.13. Let L be a first-order language with equality. Find a formula asserting that any L-structure M has at least n elements.

5.3.14. Prove that the following formulae are valid:
$\forall x \exists y (x \doteq y)$
$A[t/x] \equiv \forall x ((x \doteq t) \supset A)$, if $x \notin Var(t)$ and t is free for x in A.
$A[t/x] \equiv \exists x ((x \doteq t) \wedge A)$, if $x \notin Var(t)$ and t is free for x in A.


* 5.3.15. Let A and B be two L-structures. A surjective function $h : A \to B$ is a homomorphism of A onto B if:

(i) For every n-ary function symbol f, for every $(a_1, \ldots, a_n) \in A^n$,
$h(f_A(a_1, \ldots, a_n)) = f_B(h(a_1), \ldots, h(a_n))$;

(ii) For every constant symbol c, $h(c_A) = c_B$;

(iii) For every n-ary predicate symbol P, for every $(a_1, \ldots, a_n) \in A^n$,
if $P_A(a_1, \ldots, a_n) = T$ then $P_B(h(a_1), \ldots, h(a_n)) = T$.

Let t be a term containing the free variables $\{y_1, \ldots, y_n\}$, and A be a formula with free variables $\{y_1, \ldots, y_n\}$. For any assignment s whose restriction to $\{y_1, \ldots, y_n\}$ is given by $s(y_i) = a_i$, the notation $t[a_1, \ldots, a_n]$ is equivalent to t[s], and $A[a_1, \ldots, a_n]$ is equivalent to A[s].

(a) Prove that for any term t, if t contains the variables $\{y_1, \ldots, y_n\}$, for every $(a_1, \ldots, a_n) \in A^n$, if h is a homomorphism from A onto B, then
$h(t_A[a_1, \ldots, a_n]) = t_B[h(a_1), \ldots, h(a_n)]$,
even if h is not surjective.

A positive formula is a formula built up from atomic formulae (excluding $\bot$), using only the connectives $\wedge$, $\vee$ and the quantifiers $\forall$, $\exists$.

(b) Prove that for any positive formula X, for every $(a_1, \ldots, a_n) \in A^n$,
if $A \models X[a_1, \ldots, a_n]$ then $B \models X[h(a_1), \ldots, h(a_n)]$,
where h is a homomorphism from A onto B (we say that positive formulae are preserved under homomorphisms).

A strong homomorphism between A and B is a homomorphism $h : A \to B$ such that for any n-ary predicate P and any $(a_1, \ldots, a_n) \in A^n$,
$P_A(a_1, \ldots, a_n) = T$ iff $P_B(h(a_1), \ldots, h(a_n)) = T$.

An isomorphism is a bijective strong homomorphism.
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5.3.16. 


* 5.3.17. 
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(c) If L is a first-order language without equality, prove that for any 
formula X with free variables {y1,..., yn}, for any (a1,...,@n) € A”, if 
h is a strong homomorphism of A onto B then 


AE X[q,...,@n] iff BE X[h(a1),...,h(an)]. 


(d) If L is a first-order language with or without equality, prove that 
for any formula X with free variables {y1, ..., yn}, for any (@1,...,@n) € 
A”, if h is an isomorphism between A and B then 


AE X[aq,...,@,] iff BE X[h(a,),...,h(an)]. 


(e) Find two structures, a homomorphism h between them, and a 
nonpositive formula X that is not preserved under h. 


Let A be the sentence: 


VarR(a, x) \VaVyV2(R(a2,y) A Rly, z) D R(x, z))A 
VadyR(x, y). 


Give an infinite model for A and prove that A has no finite model. 


The monadic predicate calculus is the language L with no equality 
having only unary predicate symbols, and no function or constant 
symbols. Let M be an L-structure having n distinct unary predicates 
Q1,.-5Qn on M. Define the relation = on M as follows: 


a=b_ iff 
Qi(a)=T iff Qi(b) =T, for alli, 1 <i<n. 


(a) Prove that & is an equivalence relation having at most 2” equiv- 


alence classes. 


Let M/ = be the structure having the set M// = of equivalence classes 
modulo & as its domain, and the unary predicates Rj,...,R, such that, 
for every equivalence class Z, 


R(z)=T iff Q(x) =T. 
(b) Prove that for every L-formula A containing only predicate sym- 
bols in the set {P1,..., Pn}, 


MEA iff M/2KA, 


and that 


EA iff 
ME A for all L-structures M with at most 2” elements. 
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5.3.18. 
5.3.19. 


* 5.3.20. 


(c) Using part (b), outline an algorithm for deciding validity in the 
monadic predicate calculus. 


Give a detailed rectification algorithm (see lemma 5.3.4(ii)). 


Let A and B be two L-structures. The structure B is a substructure 
of the structure A iff the following conditions hold: 


(i) The domain B is a subset of the domain A; 


(ii) For every constant symbol c, 
CB = CA; 


(iii) For every function symbol f of rank n > 0, fp is the restriction 
of fa to B”, and for every predicate symbol P of rank n > 0, Pg is 
the restriction of Pa to B”. 


A universal sentence is a sentence of the form 
V21..VimB, 
where B is quantifier free. Prove that if A is a model of a set T of 


universal sentences, then B is also a model of I. 


* 5.3.20. In this problem, some properties of reduced products are investigated. We are considering first-order languages with or without equality.

The notion of a reduced product depends on that of a filter, and the reader is advised to consult problem 3.5.8 for the definition of filters and ultrafilters.

Let I be a nonempty set which will be used as an index set, and let D be a proper filter over I. Let $(A_i)_{i \in I}$ be an I-indexed family of nonempty sets. The Cartesian product C of these sets, denoted by
$\prod_{i \in I} A_i$,
is the set of all I-indexed sequences
$f : I \to \bigcup_{i \in I} A_i$
such that, for each $i \in I$, $f(i) \in A_i$. Such I-sequences will also be denoted as $\langle f(i) \mid i \in I \rangle$.

The relation $=_D$ on C is defined as follows: For any two functions $f, g \in C$,
$f =_D g$ iff $\{i \in I \mid f(i) = g(i)\} \in D$.
In words, f and g are related iff the set of indices on which they "agree" belongs to the proper filter D.

(a) Prove that $=_D$ is an equivalence relation.

(b) Let L be a first-order language (with or without equality). For each $i \in I$, let $A_i$ be an L-structure. We define the reduced product B of the $(A_i)_{i \in I}$ modulo D, as the L-structure defined as follows:

(i) The domain of B is the set of equivalence classes of $\prod_{i \in I} A_i$ modulo $=_D$.

(ii) For every constant symbol c, c is interpreted in B as the equivalence class
$[\langle c_{A_i} \mid i \in I \rangle]_D$.

(iii) For every function symbol f of rank n > 0, f is interpreted as the function such that, for any n equivalence classes $G^1 = [\langle g^1(i) \mid i \in I \rangle]_D, \ldots, G^n = [\langle g^n(i) \mid i \in I \rangle]_D$,
$f_B(G^1, \ldots, G^n) = [\langle f_{A_i}(g^1(i), \ldots, g^n(i)) \mid i \in I \rangle]_D$.

(iv) For every predicate symbol P of rank n > 0, P is interpreted as the predicate such that, for any n equivalence classes $G^1 = [\langle g^1(i) \mid i \in I \rangle]_D, \ldots, G^n = [\langle g^n(i) \mid i \in I \rangle]_D$,
$P_B(G^1, \ldots, G^n) = T$ iff $\{i \in I \mid P_{A_i}(g^1(i), \ldots, g^n(i)) = T\} \in D$.

The reduced product B is also denoted by
$\prod_D (A_i)_{i \in I}$.

(c) Prove that $=_D$ is a congruence; that is, that definitions (ii) to (iv) are independent of the representatives chosen in the equivalence classes $G^1, \ldots, G^n$.

5.3.21. Let B be the reduced product
$\prod_D (A_i)_{i \in I}$
as defined in problem 5.3.20. When D is an ultrafilter, B is called an ultraproduct.
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* 5.3.22. 


(a) Prove that for every term t with free variables {y1, ..., yn}, for any 
n equivalence classes G! = [< gi (i) |i € I >]p,...,G”" = [< g"(i) |ie€ 
I >|b in B, 


tp[C!,..., G"] = [< ta, [g"(i),...9"@] | € >I. 


(b) Let D be an ultrafilter. Prove that for any formula A with free 
variables FV(A) = {y1,---; Yn}, for any n equivalence classes G! = [< 
g' (i) |i I >]p,...,G" = [< g(t) | I >] mB 


BEAG!,...,G"] iff {6E1| A; & Alg'(2),...,9"(@]} € D. 


(c) Prove that if D is an ultrafilter, for every sentence A, 


BEA iff {ier| A; A}eD. 


Hint: Proceed by induction on formulae. The fact that D is an 
ultrafilter is needed in the case where A is of the form —=B. 


This problem generalizes problem 3.5.10 to first-order logic. It pro- 
vides a proof of the compactness theorem for first-order languages of 
any cardinality. 


(a) Let T be a set of sentences such that every finite subset of T is 
satisfiable. Let I be the set of all finite subsets of I, and for each 
i€ TI, let A; be a structure satisfying 7. For each sentence A € I, let 


A* ={iel| Aci}. 


Let 
C={A* | AeT}. 


Note that C has the finite intersection property since 
{Aj,..., An} € APN... AG. 


By problem 3.5.8, there is an ultrafilter U including C, so that every 
A* isin U. If i € A*, then A € i, and so 


A, FA. 


Thus, for every A in I’, A* is a subset of the set {1 € I | A; — A}. 
Show that 


{ieIT| A; EA} eU. 


(b) Show that the ultraproduct B (defined in problem 5.3.20) satisfies 
T. 
** 5.3.23. Given a first-order language $L$, a literal is either an atomic formula or the negation of an atomic formula. A basic Horn formula is a disjunction of literals, in which at most one literal is positive. The class of Horn formulae is the least class of formulae containing the basic Horn formulae, and such that:

(i) If $A$ and $B$ are Horn formulae, so is $A \wedge B$;
(ii) If $A$ is a Horn formula, so is $\forall x A$;
(iii) If $A$ is a Horn formula, so is $\exists x A$.

A Horn sentence is a closed Horn formula.

Let $A$ be a Horn formula, and let $(A_i)_{i \in I}$ be an $I$-indexed family of structures satisfying $A$. Let $D$ be a proper filter over $I$, and let $B$ be the reduced product of $(A_i)_{i \in I}$ modulo $\equiv_D$.

(a) Prove that for any $n$ equivalence classes $G^1 = [\langle g^1(i) \mid i \in I \rangle]_D, \ldots, G^n = [\langle g^n(i) \mid i \in I \rangle]_D$ in $B$, if $\{i \in I \mid A_i \models A[g^1(i), \ldots, g^n(i)]\} \in D$ then $B \models A[G^1, \ldots, G^n]$.

(b) Given a Horn sentence $A$,
$$\text{if } A_i \models A \text{ for all } i \in I, \text{ then } B \models A.$$

(We say that Horn sentences are preserved under reduced products.)

(c) If we let the filter $D$ be the family of sets $\{I\}$, the reduced product $B$ is called the direct product of $(A_i)_{i \in I}$.

Show that the formula $A$ below (which is not a Horn formula) is preserved under direct products, but is not preserved under reduced products:

$A$ is the conjunction of the boolean algebra axioms plus the sentence
$$\exists x \forall y ((x \neq 0) \wedge (x \cdot y = y \supset (y = x \vee y = 0))).$$

* 5.3.24. Show that in the proof of the compactness theorem given in problem 5.3.22, if $\Gamma$ is a set of Horn formulae, it is not necessary to extend $C$ to an ultrafilter, but simply to take the filter generated by $C$.

* 5.3.25. Let $L$ be a first-order language. Two $L$-structures $M_1$ and $M_2$ are elementary equivalent iff for every sentence $A$,
$$M_1 \models A \quad\text{iff}\quad M_2 \models A.$$
Prove that if there is an isomorphism between $M_1$ and $M_2$, then $M_1$ and $M_2$ are elementary equivalent.

Note: The converse of the above statement holds if one of the structures has a finite domain. However, there are infinite structures that are elementary equivalent but are not isomorphic. For example, if the language $L$ has a unique binary predicate $<$, the structure $\mathbf{Q}$ of the rational numbers and the structure $\mathbf{R}$ of the real numbers (with $<$ interpreted as the strict order of each structure) are elementary equivalent, but nonisomorphic since $\mathbf{Q}$ is countable but $\mathbf{R}$ is not.


5.4 Proof Theory of First-Order Languages 


In this section, the Gentzen system $G$ is extended to first-order logic.


5.4.1 The Gentzen System G for Languages Without 
Equality 


We first consider the case of a first-order language $L$ without equality. In addition to the rules for the logical connectives, we need four new rules for the quantifiers. The rules presented below are designed to make the search for a counter-example as simple as possible. In the following sections, sequents are defined as before but are composed of formulae instead of propositions. Furthermore, it is assumed that the set of connectives is $\{\wedge, \vee, \supset, \neg, \forall, \exists\}$. By lemma 5.3.7, there is no loss of generality. Hence, when $\equiv$ is used, $(A \equiv B)$ is considered as an abbreviation for $((A \supset B) \wedge (B \supset A))$.


Definition 5.4.1 (Gentzen system $G$ for languages without equality) The symbols $\Gamma$, $\Delta$, $\Lambda$ will be used to denote arbitrary sequences of formulae and $A$, $B$ to denote formulae. The rules of the sequent calculus $G$ are the following:

$$\frac{\Gamma, A, B, \Delta \to \Lambda}{\Gamma, A \wedge B, \Delta \to \Lambda}\ (\wedge{:}\ \text{left}) \qquad \frac{\Gamma \to \Delta, A, \Lambda \quad\quad \Gamma \to \Delta, B, \Lambda}{\Gamma \to \Delta, A \wedge B, \Lambda}\ (\wedge{:}\ \text{right})$$

$$\frac{\Gamma, A, \Delta \to \Lambda \quad\quad \Gamma, B, \Delta \to \Lambda}{\Gamma, A \vee B, \Delta \to \Lambda}\ (\vee{:}\ \text{left}) \qquad \frac{\Gamma \to \Delta, A, B, \Lambda}{\Gamma \to \Delta, A \vee B, \Lambda}\ (\vee{:}\ \text{right})$$

$$\frac{\Gamma, \Delta \to A, \Lambda \quad\quad B, \Gamma, \Delta \to \Lambda}{\Gamma, A \supset B, \Delta \to \Lambda}\ (\supset{:}\ \text{left}) \qquad \frac{A, \Gamma \to \Delta, B, \Lambda}{\Gamma \to \Delta, A \supset B, \Lambda}\ (\supset{:}\ \text{right})$$

$$\frac{\Gamma, \Delta \to A, \Lambda}{\Gamma, \neg A, \Delta \to \Lambda}\ (\neg{:}\ \text{left}) \qquad \frac{A, \Gamma \to \Delta, \Lambda}{\Gamma \to \Delta, \neg A, \Lambda}\ (\neg{:}\ \text{right})$$


In the quantifier rules below, $x$ is any variable and $y$ is any variable free for $x$ in $A$ and not free in $A$, unless $y = x$ ($y \notin FV(A) - \{x\}$). The term $t$ is any term free for $x$ in $A$.

$$\frac{\Gamma, A[t/x], \forall x A, \Delta \to \Lambda}{\Gamma, \forall x A, \Delta \to \Lambda}\ (\forall{:}\ \text{left}) \qquad \frac{\Gamma \to \Delta, A[y/x], \Lambda}{\Gamma \to \Delta, \forall x A, \Lambda}\ (\forall{:}\ \text{right})$$

$$\frac{\Gamma, A[y/x], \Delta \to \Lambda}{\Gamma, \exists x A, \Delta \to \Lambda}\ (\exists{:}\ \text{left}) \qquad \frac{\Gamma \to \Delta, A[t/x], \exists x A, \Lambda}{\Gamma \to \Delta, \exists x A, \Lambda}\ (\exists{:}\ \text{right})$$

Note that in both the $(\forall{:}\ \text{right})$-rule and the $(\exists{:}\ \text{left})$-rule, the variable $y$ does not occur free in the lower sequent. In these rules, the variable $y$ is called the eigenvariable of the inference. The condition that the eigenvariable does not occur free in the conclusion of the rule is called the eigenvariable condition. The formula $\forall x A$ (or $\exists x A$) is called the principal formula of the inference, and the formula $A[t/x]$ (or $A[y/x]$) the side formula of the inference.


The axioms of $G$ are all sequents $\Gamma \to \Delta$ such that $\Gamma$ and $\Delta$ contain a common formula.


5.4.2 Deduction Trees for the System G 


First, we define when a sequent is falsifiable or valid. 


Definition 5.4.2 (i) A sequent $A_1, \ldots, A_m \to B_1, \ldots, B_n$ is falsifiable iff for some structure $M$ and some assignment $s$:
$$M \models (A_1 \wedge \ldots \wedge A_m \wedge \neg B_1 \wedge \ldots \wedge \neg B_n)[s].$$
Note that when $m = 0$ the condition reduces to
$$M \models (\neg B_1 \wedge \ldots \wedge \neg B_n)[s]$$
and when $n = 0$ the condition reduces to
$$M \models (A_1 \wedge \ldots \wedge A_m)[s].$$

(ii) A sequent $A_1, \ldots, A_m \to B_1, \ldots, B_n$ is valid iff for every structure $M$ and every assignment $s$:
$$M \models (\neg A_1 \vee \ldots \vee \neg A_m \vee B_1 \vee \ldots \vee B_n)[s].$$
This is denoted by
$$\models A_1, \ldots, A_m \to B_1, \ldots, B_n.$$


Note that a sequent is valid if and only if it is not falsifiable. 


Deduction trees and proof trees for the system G are defined as in defi- 
nition 3.4.5, but for formulae and with the rules given in definition 5.4.1. 
EXAMPLE 5.4.1

Let $A = \exists x(P \supset Q(x)) \supset (P \supset \exists z Q(z))$, where $P$ is a propositional symbol and $Q$ a unary predicate symbol.

$Q(y_1), P \to Q(y_1), \exists z Q(z)$
$P \to P, \exists z Q(z)$        $Q(y_1), P \to \exists z Q(z)$
$P, P \supset Q(y_1) \to \exists z Q(z)$
$P \supset Q(y_1) \to P \supset \exists z Q(z)$
$\exists x(P \supset Q(x)) \to P \supset \exists z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \exists z Q(z))$

The above is a proof tree for $A$ (the root is the bottom sequent, the leaves are at the top). Note that $P[y_1/x] = P$.


EXAMPLE 5.4.2

Let $A = (\forall x P(x) \wedge \exists y Q(y)) \supset (P(f(v)) \wedge \exists z Q(z))$, where $P$ and $Q$ are unary predicate symbols, and $f$ is a unary function symbol. The tree below is a proof tree for $A$.

$P(f(v)), \forall x P(x), Q(u) \to Q(u), \exists z Q(z)$
$P(f(v)), \forall x P(x), Q(u) \to \exists z Q(z)$
$\Pi$        $P(f(v)), \forall x P(x), \exists y Q(y) \to \exists z Q(z)$
$P(f(v)), \forall x P(x), \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\forall x P(x), \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\forall x P(x) \wedge \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\to (\forall x P(x) \wedge \exists y Q(y)) \supset (P(f(v)) \wedge \exists z Q(z))$

where $\Pi = P(f(v)), \forall x P(x), \exists y Q(y) \to P(f(v))$.

5.4.3 Soundness of the System G 

In order to establish the soundness of the system G, the following lemmas will 
be needed. 


Lemma 5.4.1 (i) For any two terms $t$ and $r$,
$$(r[t/x])_M[s] = (r[a/x])_M[s], \quad\text{where } a = t_M[s].$$

(ii) If $t$ is free for $x$ in $A$, then
$$(A[t/x])_M[s] = (A[a/x])_M[s], \quad\text{where } a = t_M[s].$$


Proof: The lemma is shown using the induction principle for terms and formulae as in lemma 5.3.1. The proof of (i) is left as an exercise. Since the proof of (ii) is quite similar to the proof of lemma 5.3.1, we only treat one case, leaving the others as an exercise.

Assume $A = \forall z B$. If $z = x$, then $A[t/x] = A$, and $A[a/x] = A$. If $x \neq z$, since $t$ is free for $x$ in $A$, $z \notin FV(t)$, $t$ is free for $x$ in $B$,
$$A[t/x] = \forall z B[t/x] \quad\text{and}\quad A[a/x] = \forall z B[a/x].$$
By problem 5.2.6, the following property holds: If $t$ is free for $x$ in $B$, $x \neq z$ and $z$ is not in $FV(t)$, for every constant $d$,
$$B[t/x][d/z] = B[d/z][t/x].$$
Then, for every $c \in M$, by the induction hypothesis,
$$(B[t/x][c/z])_M[s] = (B[c/z][t/x])_M[s] = (B[c/z][a/x])_M[s] = (B[a/x][c/z])_M[s],$$
with $a = t_M[s]$. But this proves that
$$(\forall z B[t/x])_M[s] = (\forall z B[a/x])_M[s],$$
as desired.


Lemma 5.4.2 For any rule stated in definition 5.4.1, the conclusion is falsifiable in some structure $M$ if and only if one of the premises is falsifiable in the structure $M$. Equivalently, the conclusion is valid if and only if all premises are valid.

Proof: We prove the lemma for the rules $\forall$: right and $\forall$: left, leaving the others as an exercise. In this proof, the following abbreviating conventions will be used: If $\Gamma$ (or $\Delta$) is the antecedent of a sequent,
$$M \models \Gamma[s]$$
means that
$$M \models A[s]$$
for every formula $A \in \Gamma$, and if $\Delta$ (or $\Lambda$) is the succedent of a sequent,
$$M \not\models \Delta[s]$$
means that
$$M \not\models B[s]$$
for every formula $B \in \Delta$.


(i) Assume that $\Gamma \to \Delta, A[y/x], \Lambda$ is falsifiable. This means that there is a structure $M$ and an assignment $s$ such that
$$M \models \Gamma[s], \quad M \not\models \Delta[s], \quad M \not\models (A[y/x])[s] \quad\text{and}\quad M \not\models \Lambda[s].$$
Recall that
$$M \models (\forall x A)[s]$$
iff
$$M \models (A[a/x])[s] \text{ for every } a \in M.$$
Since $y$ is free for $x$ in $A$, by lemma 5.4.1, for $a = s(y)$, we have
$$(A[y/x])_M[s] = (A[a/x])_M[s].$$
Hence,
$$M \not\models (\forall x A)[s],$$
which implies that $\Gamma \to \Delta, \forall x A, \Lambda$ is falsified by $M$ and $s$.

Conversely, assume that $M$ and $s$ falsify $\Gamma \to \Delta, \forall x A, \Lambda$. In particular, there is some $a \in M$ such that
$$M \not\models (A[a/x])[s].$$
Let $s'$ be the assignment $s(y := a)$. Since $y \notin FV(A) - \{x\}$ and $y$ is free for $x$ in $A$, by lemma 5.3.3 and lemma 5.4.1, then
$$M \not\models (A[y/x])[s'].$$
Since $y$ does not appear free in $\Gamma$, $\Delta$ or $\Lambda$, by lemma 5.3.3, we also have
$$M \models \Gamma[s'], \quad M \not\models \Delta[s'] \quad\text{and}\quad M \not\models \Lambda[s'].$$
Hence, $M$ and $s'$ falsify $\Gamma \to \Delta, A[y/x], \Lambda$.

(ii) Assume that $M$ and $s$ falsify $\Gamma, A[t/x], \forall x A, \Delta \to \Lambda$. Then, it is clear that $M$ and $s$ also falsify $\Gamma, \forall x A, \Delta \to \Lambda$.

Conversely, assume that $M$ and $s$ falsify $\Gamma, \forall x A, \Delta \to \Lambda$. Then,
$$M \models \Gamma[s], \quad M \models (\forall x A)[s], \quad M \models \Delta[s] \quad\text{and}\quad M \not\models \Lambda[s].$$
In particular,
$$M \models (A[a/x])[s] \text{ for every } a \in M.$$
By lemma 5.4.1, for $a = t_M[s]$, we have
$$(A[t/x])_M[s] = (A[a/x])_M[s],$$
and so
$$M \models (A[t/x])[s].$$
Hence, $M$ and $s$ also falsify $\Gamma, A[t/x], \forall x A, \Delta \to \Lambda$.


As a consequence, we obtain the soundness of the system G. 


Lemma 5.4.3 (Soundness of G) Every sequent provable in G is valid. 


Proof: Use the induction principle for G-proofs and the fact that the 
axioms are obviously valid. 


We shall now turn to the completeness of the system G. For that, we 
shall modify the procedure expand. The additional complexity comes from 
the quantifier rules and the handling of terms, and we need to revise the 
definition of a Hintikka set. We shall define the concept of a Hintikka set with 
respect to a term algebra H defined in the next section. First, we extend the 
notation for signed formulae given in definition 3.5.3 to quantified formulae. 


5.4.4 Signed Formulae and Term Algebras (no Equality 
Symbol) 


We begin with signed formulae. 


Definition 5.4.3 Signed formulae of type a, type b, type c, and type d and their components are defined in the tables below.

Type-a formulae

  $A$                  $A_1$    $A_2$
  $T(X \wedge Y)$      $TX$     $TY$
  $F(X \vee Y)$        $FX$     $FY$
  $F(X \supset Y)$     $TX$     $FY$
  $T(\neg X)$          $FX$     $FX$
  $F(\neg X)$          $TX$     $TX$

Type-b formulae

  $B$                  $B_1$    $B_2$
  $F(X \wedge Y)$      $FX$     $FY$
  $T(X \vee Y)$        $TX$     $TY$
  $T(X \supset Y)$     $FX$     $TY$


5.4 Proof Theory of First-Order Languages 193 


Type-c formulae

  $C$                  $C_1$         $C_2$
  $T\forall x Y$       $TY[t/x]$     $TY[t/x]$
  $F\exists x Y$       $FY[t/x]$     $FY[t/x]$

where $t$ is free for $x$ in $Y$

Type-d formulae

  $D$                  $D_1$         $D_2$
  $T\exists x Y$       $TY[t/x]$     $TY[t/x]$
  $F\forall x Y$       $FY[t/x]$     $FY[t/x]$

where $t$ is free for $x$ in $Y$

For a formula $C$ of type c, we let $C(t)$ denote $TY[t/x]$ if $C = T\forall x Y$, $FY[t/x]$ if $C = F\exists x Y$, and for a formula $D$ of type d, we let $D(t)$ denote $TY[t/x]$ if $D = T\exists x Y$, $FY[t/x]$ if $D = F\forall x Y$.


We define satisfaction for signed formulae as follows.

Definition 5.4.4 Given a structure $M$, an assignment $s$, and a formula $A$,
$$M \models (TA)[s] \quad\text{iff}\quad M \models A[s],$$
and
$$M \models (FA)[s] \quad\text{iff}\quad M \models (\neg A)[s]$$
(or equivalently, $M \not\models A[s]$).


Lemma 5.4.4 For any structure $M$ and any assignment $s$:

(i) For any formula $C$ of type c,
$$M \models C[s] \quad\text{iff}\quad M \models C(a)[s] \text{ for every } a \in M;$$

(ii) For any formula $D$ of type d,
$$M \models D[s] \quad\text{iff}\quad M \models D(a)[s] \text{ for at least one } a \in M.$$


Proof: The lemma follows immediately from lemma 5.3.1. 


In view of lemma 5.4.4, formulae of type c are also called formulae of 
universal type, and formulae of type d are called formulae of existential type. 
In order to define Hintikka sets with respect to a term algebra H, some defi- 
nitions are needed. 
Definition 5.4.5 Given a first-order language $L$, a nonempty set $H$ of terms in $TERM_L$ (with variables from $V$) is a term algebra iff:

(i) For every $n$-ary function symbol $f$ in $L$ ($n > 0$), for any terms $t_1, \ldots, t_n \in H$, $ft_1 \ldots t_n$ is also in $H$.


(ii) Every constant symbol c in L is also in H. 


Note that this definition is consistent with the definition of an algebra 
given in Section 2.4. Indeed, every function symbol and every constant in 
L receives an interpretation. A term algebra is simply an algebra whose 
carrier H is a nonempty set of terms, and whose operations are the term 
constructors. Note also that the terms in the carrier H may contain variables 
from the countable set V. However, variables are not in L and are not treated 
as constants. Also, observe that if L has at least one function symbol, by 
condition (i) any term algebra on L is infinite. Hence, a term algebra is finite 
only if L does not contain any function symbols. 


5.4.5 Reducts, Expansions 


Given a set $S$ of signed $L$-formulae, not all symbols in $L$ need occur in formulae in $S$. Hence, we shall define the reduct of $L$ to $S$.


Definition 5.4.6 (i) Given two first-order languages (with or without equal- 
ity) L and L’, if L is a subset of L’ (that is, the sets of constant symbols, 
function symbols, and predicate symbols of L are subsets of the corresponding 
sets of L’), we say that L is a reduct of L’ and that L’ is an expansion of L. 
(The set of variables is neither in L nor in L’ and is the given countable set 
V.) 


(ii) If $L$ is a reduct of $L'$, an $L$-structure $M = (M, I)$ is a reduct of an $L'$-structure $M' = (M', I')$ if $M' = M$ and $I$ is the restriction of $I'$ to $L$. $M'$ is called an expansion of $M$.


(iii) Given a set $S$ of signed $L$-formulae, the reduct of $L$ with respect to $S$, denoted by $L_S$, is the subset of $L$ consisting of all constant, function, and predicate symbols occurring in formulae in $S$.

Note: If $L$ is a reduct of $L'$, any $L$-structure $M$ can be expanded to an $L'$-structure $M'$ (in many ways). Furthermore, for any $L$-formula $A$ and any assignment $s$,
$$M \models A[s] \quad\text{if and only if}\quad M' \models A[s].$$


5.4.6 Hintikka Sets (Languages Without Equality) 


The definition of a Hintikka set is generalized to first-order languages without 
equality as follows. 
Definition 5.4.7 A Hintikka set $S$ (over a language $L$ without equality) with respect to a term algebra $H$ (over the reduct $L_S$) is a set of signed $L$-formulae such that the following conditions hold for all signed formulae $A$, $B$, $C$, $D$ of type a, b, c, d:

H0: No atomic formula and its conjugate are both in $S$ ($TA$ or $FA$ is atomic iff $A$ is).

H1: If a type-a formula $A$ is in $S$, then both $A_1$ and $A_2$ are in $S$.

H2: If a type-b formula $B$ is in $S$, then either $B_1$ is in $S$ or $B_2$ is in $S$.

H3: If a type-c formula $C$ is in $S$, then for every term $t \in H$, $C(t)$ is in $S$ (we require that $t$ is free for $x$ in $C$ for every $t \in H$).

H4: If a type-d formula $D$ is in $S$, then for at least one term $t \in H$, $D(t)$ is in $S$ (we require that $t$ is free for $x$ in $D$ for every $t \in H$).

H5: Every variable $x$ occurring free in some formula of $S$ is in $H$.

Observe that condition H5 and the fact that $H$ is a term algebra imply that, for every term occurring in some formula in $S$, if that term is closed or contains only variables free in $S$, then it is in $H$.


We can now prove the generalization of lemma 3.5.3 for first-order logic (without equality). From lemma 5.3.4, we can assume without loss of generality that the set of variables occurring free in formulae in $S$ is disjoint from the set of variables occurring bound in formulae in $S$.


Lemma 5.4.5 Every Hintikka set $S$ (with respect to a term algebra $H$) is satisfiable in a structure $H_S$ with domain $H$.

Proof: The $L_S$-structure $H_S$ is defined as follows. The domain of $H_S$ is $H$.

Every constant $c$ in $L_S$ is interpreted as the term $c$;

Every function symbol $f$ of rank $n$ in $L_S$ is interpreted as the function such that, for any terms $t_1, \ldots, t_n \in H$,
$$f_{H_S}(t_1, \ldots, t_n) = ft_1 \ldots t_n.$$

For every predicate symbol $P$ of rank $n$ in $L_S$, for any terms $t_1, \ldots, t_n \in H$,
$$P_{H_S}(t_1, \ldots, t_n) = \begin{cases} \mathbf{T} & \text{if } TPt_1 \ldots t_n \in S, \\ \mathbf{F} & \text{if } FPt_1 \ldots t_n \in S, \text{ or neither } TPt_1 \ldots t_n \text{ nor } FPt_1 \ldots t_n \text{ is in } S. \end{cases}$$
By condition H0 and the fact that $H$ is an algebra, this definition is proper. Let $s$ be any assignment that is the identity on the variables belonging to $H$.
We now prove using the induction principle for formulae that
$$H_S \models X[s]$$
for every signed formula $X \in S$. We will need the following claim that is proved using the induction principle for terms. (For a proof of a more general version of this claim, see claim 2 in lemma 5.6.1.)

Claim: For every term $t$ (in $H$),
$$t_{H_S}[s] = t.$$

Assume that $TPt_1 \ldots t_n$ is in $S$. By H5, the variables in $t_1, \ldots, t_n$ are in $H$, and since $H$ is a term algebra, $t_1, \ldots, t_n$ are in $H$. By definition of $P_{H_S}$ and the above claim,
$$(Pt_1 \ldots t_n)_{H_S}[s] = P_{H_S}(t_1, \ldots, t_n) = \mathbf{T}.$$
Hence,
$$H_S \models Pt_1 \ldots t_n[s].$$
Similarly, it is shown that if $FPt_1 \ldots t_n$ is in $S$ then
$$(Pt_1 \ldots t_n)_{H_S}[s] = \mathbf{F}.$$

The propositional connectives are handled as in lemma 3.5.3.

If a signed formula $C$ of type c is in $S$, $C(t)$ is in $S$ for every term $t$ in $H$ by H3. Since $C(t)$ contains one less quantifier than $C$, by the induction hypothesis,
$$H_S \models C(t)[s] \text{ for every } t \in H.$$
By lemma 5.4.1, for any formula $A$, any term $t$ free for $x$ in $A$, any structure $M$ and any assignment $v$, we have
$$(A[t/x])_M[v] = (A[a/x])_M[v],$$
where $a = t_M[v]$. Since

we have

Hence,
$$H_S \models C(t)[s] \text{ for every } t \in H,$$
which implies that
$$H_S \models C[s]$$
by lemma 5.4.4.

If a signed formula $D$ of type d is in $S$, $D(t)$ is in $S$ for some $t$ in $H$ by H4. Since $D(t)$ contains one less quantifier than $D$, by the induction hypothesis,
$$H_S \models D(t)[s].$$
As above, it can be shown that
$$H_S \models D(t)[s] \text{ for some } t \in H,$$
which implies that
$$H_S \models D[s]$$
(by lemma 5.4.4). Finally, using the note before definition 5.4.7, $H_S$ can be expanded to an $L$-structure satisfying $S$.


The domain H of the structure Hg is also called a Herbrand universe. 


In order to prove the completeness of the system $G$ (in case of a first-order language $L$ without equality) we shall extend the methods used in sections 3.4 and 3.5 for the propositional calculus to first-order logic. Given a (possibly infinite) sequent $\Gamma \to \Delta$, our goal is to attempt to falsify it. For this, we design a search procedure with the following properties:


(1) If the original sequent is valid, the search procedure stops after a 
finite number of steps, yielding a proof tree. 


(2) If the original sequent is falsifiable, the search procedure constructs 
a possibly infinite tree, and along some (possibly infinite) path in the tree it 
can be shown that a Hintikka set exists, which yields a counter example for 
the sequent. 


The problem is to modify the expand procedure to deal with quantifier 
rules and terms. Clauses H3 and H4 in the definition of a Hintikka set suggest 
that a careful procedure must be designed in dealing with quantified formulae. 


We first treat the special case in which we are dealing with a first-order language without equality, without function symbols and with a finite sequent $\Gamma \to \Delta$.


5.4.7 Completeness: Special Case of Languages Without 
Function Symbols and Without Equality 


Given a sequent $\Gamma \to \Delta$, using lemma 5.3.4, we can assume that the set of all variables occurring free in some formula in the sequent is disjoint from the set of all variables occurring bound in some formula in the sequent. This condition ensures that terms occurring in formulae in the sequent are free for substitutions. Even though it is not strictly necessary to assume that all the formulae in the sequent are rectified, it is convenient to assume that they are.
First, it is convenient for proving the correctness of the search procedure to give a slightly more general version of the quantifier rules $\forall$: left and $\exists$: right.

Definition 5.4.8 The extended rules $\forall$: left and $\exists$: right are the following:

$$\frac{\Gamma, A[t_1/x], \ldots, A[t_k/x], \forall x A, \Delta \to \Lambda}{\Gamma, \forall x A, \Delta \to \Lambda}\ (\forall{:}\ \text{left})$$

$$\frac{\Gamma \to \Delta, A[t_1/x], \ldots, A[t_k/x], \exists x A, \Lambda}{\Gamma \to \Delta, \exists x A, \Lambda}\ (\exists{:}\ \text{right})$$

where $t_1, \ldots, t_k$ are any $k$ terms ($k \geq 1$) free for $x$ in $A$.

It is clear that an inference using this new version of the $\forall$: left rule (resp. $\exists$: right rule) can be simulated by $k$ applications of the old $\forall$: left rule (resp. $\exists$: right rule). Hence, there is no gain of generality. However, these new rules may reduce the size of proof trees. Consequently, we will assume from now on that the rules of definition 5.4.8 are used as the $\forall$: left and $\exists$: right rules of the Gentzen system $G$.


In order to fulfill conditions H3 and H4 we build lists of variables and constants as follows.

Let $TERM_0$ be a nonempty list of terms and variables defined as follows. If no free variables and no constants occur in any of the formulae in $\Gamma \to \Delta$,
$$TERM_0 = \langle y_0 \rangle,$$
where $y_0$ is the first variable in $V$ not occurring in any formula in $\Gamma \to \Delta$. Otherwise,
$$TERM_0 = \langle u_0, \ldots, u_p \rangle,$$
a list of all free variables and constants occurring in formulae in $\Gamma \to \Delta$. Let
$$AVAIL_0 = \langle y_1, y_2, y_3, \ldots \rangle$$
be a countably infinite list disjoint from $TERM_0$ and consisting of variables not occurring in any formula in $\Gamma \to \Delta$.

The terms in $TERM_0$ and the variables in $AVAIL_0$ will be used as the $t$'s and $y$'s for our applications of quantifier rules $\forall$: right, $\forall$: left, $\exists$: right and $\exists$: left. Because the variables in $TERM_0$ do not occur bound in $\Gamma \to \Delta$ and the variables in $AVAIL_0$ are new, the substitutions with results $A[t/x]$ and $A[y/x]$ performed using the quantifier rules will be free.

As the search for a counter example for $\Gamma \to \Delta$ progresses, we keep track step by step of which of $u_0, \ldots, u_p, y_1, y_2, y_3, \ldots$ have been thus far activated. The list of activated terms is kept in $TERM_0$ and the list of available variables in $AVAIL_0$.

Every time a rule $\forall$: right or $\exists$: left is applied, as the variable $y$ we use the head of the list $AVAIL_0$, we append $y$ to the end of $TERM_0$ and delete $y$ from the head of $AVAIL_0$.


When a rule $\forall$: left or $\exists$: right is applied, we use as the terms $t$ each of the terms $u_0, \ldots, u_q$ in $TERM_0$ that have not previously served as a term $t$ for that rule with the same principal formula.

To handle the $\forall$: left rule and the $\exists$: right rule correctly, it is necessary to keep track of the formulae $\forall x A$ (or $\exists x A$) for which the term $u_i$ was used as a term for the rule $\forall$: left (or $\exists$: right) with principal formula $\forall x A$ (or $\exists x A$). The first reason is economy, but the second is more crucial:

If a sequent has the property that all formulae in it are either atomic or of the form $\forall x A$ (or $\exists x A$) such that all the terms $u_0, \ldots, u_q$ in $TERM_0$ have already been used as terms for the rule $\forall$: left (or $\exists$: right), and if this sequent is not an axiom, then it will never become an axiom and we can stop expanding it.

Hence, we structure $TERM_0$ as a list of records where every record $\langle u_i, FORM_0(i) \rangle$ contains two fields: $u_i$ is a term and $FORM_0(i)$ a list of the formulae $\forall x A$ (or $\exists x A$) for which $u_i$ was used as a term $t$ for the rule $\forall$: left (or $\exists$: right) with principal formula $\forall x A$ (or $\exists x A$). Initially, each list $FORM_0(i)$ is the null list. The lists $FORM_0(i)$ are updated each time a term $t$ is used in a rule $\forall$: left or $\exists$: right. We also let $t(TERM_0)$ denote the set of terms $\{u_i \mid \langle u_i, FORM_0(i) \rangle \in TERM_0\}$.

Finally, we need to take care of another technical detail: These lists must be updated only at the end of a round, so that the same substitutions are performed for all occurrences of a formula. Hence, we create another variable $TERM_1$ local to the procedure search. During a round, $TERM_1$ is updated but $TERM_0$ is not, and at the end of the round, $TERM_0$ is set to its updated version $TERM_1$.

A leaf of the tree constructed by procedure search is finished iff either:

(1) The sequent labeling it is an axiom, or

(2) The sequent contains only atoms or formulae $\forall x A$ (or $\exists x A$) belonging to all of the lists $FORM_0(i)$ for all $\langle u_i, FORM_0(i) \rangle$ in $TERM_0$.

The search procedure is obtained by modifying the procedure given in definition 3.4.6 by adding the initialization of $TERM_0$ and $AVAIL_0$.

Definition 5.4.9 The search procedure. The input to search is a one-node tree labeled with a sequent $\Gamma \to \Delta$. The output is a possibly infinite tree $T$ called a systematic deduction tree.
Procedure Search

procedure search(Γ → Δ : sequent; var T : tree);
begin
  let T be the one-node tree labeled with Γ → Δ;
  let TERM_0 := <<u_0, nil>, ..., <u_p, nil>>
    and let AVAIL_0 := <y_1, y_2, y_3, ...>, with u_0, ..., u_p
    as explained after def. 5.4.8, with p = 0 and u_0 = y_0 when
    Γ → Δ contains no free variables and no constants.
  while not all leaves of T are finished do
    TERM_1 := TERM_0; T_0 := T;
    for each leaf node of T_0
        (in lexicographic order of tree addresses) do
      if not finished(node) then
        expand(node, T)
      endif
    endfor;
    TERM_0 := TERM_1
  endwhile;
  if all leaves are closed
    then write('T is a proof of Γ → Δ')
    else write('Γ → Δ is falsifiable')
  endif
end

Procedure Expand

procedure expand(node : tree-address; var T : tree);
begin
  let A_1, ..., A_m → B_1, ..., B_n be the label of node;
  let S be the one-node tree labeled with A_1, ..., A_m → B_1, ..., B_n;
  for i := 1 to m do
    if nonatomic(A_i) then
      grow-left(A_i, S)
    endif
  endfor;
  for i := 1 to n do
    if nonatomic(B_i) then
      grow-right(B_i, S)
    endif
  endfor;
  T := dosubstitution(T, node, S)
end

Procedure Grow-Left

procedure grow-left(A : formula; var S : tree);
begin
  case A of
    B ∧ C, B ∨ C,
    B ⊃ C, ¬B : extend every nonaxiom leaf of S using the
                left rule corresponding to the main
                propositional connective;
    ∀xB       : for every term u_k ∈ t(TERM_0)
                such that A is not in FORM_0(k) do
                  extend every nonaxiom leaf of S by applying
                  the ∀: left rule using the term u_k
                  as one of the terms of the rule. In TERM_1,
                  let FORM_1(k) := append(FORM_1(k), A)
                endfor;
    ∃xB       : extend every nonaxiom leaf of S by applying
                the ∃: left rule using y = head(AVAIL_0)
                as the new variable;
                TERM_1 := append(TERM_1, <y, nil>);
                AVAIL_0 := tail(AVAIL_0)
  endcase
end

Procedure Grow-Right

procedure grow-right(A : formula; var S : tree);
begin
  case A of
    B ∧ C, B ∨ C,
    B ⊃ C, ¬B : extend every nonaxiom leaf of S using the
                right rule corresponding to the main
                propositional connective;
    ∃xB       : for every term u_k ∈ t(TERM_0)
                such that A is not in FORM_0(k) do
                  extend every nonaxiom leaf of S by applying
                  the ∃: right rule using the term u_k
                  as one of the terms of the rule. In TERM_1,
                  let FORM_1(k) := append(FORM_1(k), A)
                endfor;
    ∀xB       : extend every nonaxiom leaf of S by applying
                the ∀: right rule using y = head(AVAIL_0)
                as the new variable;
                TERM_1 := append(TERM_1, <y, nil>);
                AVAIL_0 := tail(AVAIL_0)
  endcase
end
EXAMPLE 5.4.3

Let
$$A = \exists x(P \supset Q(x)) \supset (P \supset \exists z Q(z)),$$
where $P$ is a propositional symbol and $Q$ a unary predicate symbol. Let us trace the construction of the proof tree constructed by the search procedure. Since $A$ does not have any free variables, $TERM_0 = \langle\langle y_0, nil \rangle\rangle$. After the first round, we have the following tree, and $TERM_0$ and $AVAIL_0$ have not changed.

$\exists x(P \supset Q(x)) \to P \supset \exists z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \exists z Q(z))$

During the second round, the $\exists$: left rule is applied using the head $y_1$ of $AVAIL_0$, and the following tree is obtained:

$P, P \supset Q(y_1) \to \exists z Q(z)$
$P \supset Q(y_1) \to P \supset \exists z Q(z)$
$\exists x(P \supset Q(x)) \to P \supset \exists z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \exists z Q(z))$

At the end of this round,
$$TERM_0 = \langle\langle y_0, nil \rangle, \langle y_1, nil \rangle\rangle$$
and
$$AVAIL_0 = \langle y_2, y_3, \ldots \rangle.$$

During the next round, the $\exists$: right rule is applied to the formula $\exists z Q(z)$ with the terms $y_0$ and $y_1$. The following tree is obtained:

$Q(y_1), P \to Q(y_0), Q(y_1), \exists z Q(z)$
$P \to P, \exists z Q(z)$        $Q(y_1), P \to \exists z Q(z)$
$P, P \supset Q(y_1) \to \exists z Q(z)$
$P \supset Q(y_1) \to P \supset \exists z Q(z)$
$\exists x(P \supset Q(x)) \to P \supset \exists z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \exists z Q(z))$

At the end of the round,
$$TERM_0 = \langle\langle y_0, \langle \exists z Q(z) \rangle\rangle, \langle y_1, \langle \exists z Q(z) \rangle\rangle\rangle.$$
This last tree is a proof tree for $A$.


EXAMPLE 5.4.4

Let
$$A = \exists x(P \supset Q(x)) \supset (P \supset \forall z Q(z)),$$
where $P$ is a propositional letter and $Q$ is a unary predicate symbol. Initially, $TERM_0 = \langle\langle y_0, nil \rangle\rangle$. After the first round, the following tree is obtained and $TERM_0$ and $AVAIL_0$ are unchanged:

$\exists x(P \supset Q(x)) \to P \supset \forall z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \forall z Q(z))$

During the second round, the $\exists$: left rule is applied and the following tree is obtained:

$P, P \supset Q(y_1) \to \forall z Q(z)$
$P \supset Q(y_1) \to P \supset \forall z Q(z)$
$\exists x(P \supset Q(x)) \to P \supset \forall z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \forall z Q(z))$

At the end of this round,
$$TERM_0 = \langle\langle y_0, nil \rangle, \langle y_1, nil \rangle\rangle$$
and
$$AVAIL_0 = \langle y_2, y_3, \ldots \rangle.$$

During the next round, the $\forall$: right rule is applied to the formula $\forall z Q(z)$ with the new variable $y_2$. The following tree is obtained:

$Q(y_1), P \to Q(y_2)$
$P \to P, \forall z Q(z)$        $Q(y_1), P \to \forall z Q(z)$
$P, P \supset Q(y_1) \to \forall z Q(z)$
$P \supset Q(y_1) \to P \supset \forall z Q(z)$
$\exists x(P \supset Q(x)) \to P \supset \forall z Q(z)$
$\to \exists x(P \supset Q(x)) \supset (P \supset \forall z Q(z))$

At the end of this round,
$$TERM_0 = \langle\langle y_0, nil \rangle, \langle y_1, nil \rangle, \langle y_2, nil \rangle\rangle$$
and
$$AVAIL_0 = \langle y_3, y_4, \ldots \rangle.$$

Since all formulae in the sequent $Q(y_1), P \to Q(y_2)$ are atomic and it is not an axiom, this last tree yields a counter example with domain $\{y_0, y_1, y_2\}$, by making $Q$ arbitrarily true for $y_0$ and $y_1$, false for $y_2$, and $P$ true. Note that $\{y_1, y_2\}$ is also the domain of a counter example.
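The search procedure of definition 5.4.9, as an added illustration that is not the book's own code, run on the formulae of examples 5.4.3 and 5.4.4; the tuple encoding of formulae, the class names, the round cap and the use of the name y0 for the default term are assumptions made here.

```python
"""Added illustration of the search procedure of definition 5.4.9 for a language
without function symbols and without equality (not the book's code).  Formulas are
tuples ('atom', 'P', ('x',)), ('not', A), ('and', A, B), ('or', A, B), ('imp', A, B),
('all', 'x', A), ('ex', 'x', A); terms are bare names (variables or constants), and
input sequents are assumed rectified (free and bound variables disjoint)."""

def subst(a, x, t):
    """A[t/x]: replace free occurrences of the variable x by the term t."""
    if a[0] == 'atom': return ('atom', a[1], tuple(t if v == x else v for v in a[2]))
    if a[0] == 'not': return ('not', subst(a[1], x, t))
    if a[0] in ('and', 'or', 'imp'): return (a[0], subst(a[1], x, t), subst(a[2], x, t))
    return a if a[1] == x else (a[0], a[1], subst(a[2], x, t))      # all / ex

def names(a, bound=False):
    """Variables and constants occurring in a (free ones only unless bound=True)."""
    if a[0] == 'atom': return set(a[2])
    if a[0] == 'not': return names(a[1], bound)
    if a[0] in ('and', 'or', 'imp'): return names(a[1], bound) | names(a[2], bound)
    return names(a[2], bound) - (set() if bound else {a[1]})

class Node:                       # tree node labeled with the sequent left -> right
    def __init__(self, left, right):
        self.left, self.right, self.kids = list(left), list(right), []
    def is_axiom(self): return any(f in self.right for f in self.left)
    def leaves(self):             # leaves in lexicographic order of tree addresses
        return [self] if not self.kids else [l for c in self.kids for l in c.leaves()]

class Search:
    def __init__(self, left, right):
        self.root = Node(left, right)
        free = set().union(*(names(f) for f in left + right)) or {'y0'}
        taken = set().union(*(names(f, True) for f in left + right))
        self.term0 = [[u, []] for u in sorted(free)]        # records <u_i, FORM_0(i)>
        self.avail = (f'y{i}' for i in range(1, 10**6) if f'y{i}' not in taken)  # AVAIL_0

    def finished(self, n):
        """Axiom, or only atoms and fully instantiated left-forall / right-exists."""
        done = lambda f: all(f in form for _, form in self.term0)
        return n.is_axiom() or (
            all(f[0] == 'atom' or (f[0] == 'all' and done(f)) for f in n.left) and
            all(f[0] == 'atom' or (f[0] == 'ex' and done(f)) for f in n.right))

    def children(self, L, R, f, side, ts, y):
        """Upper sequents of the rule (def. 5.4.1 / 5.4.8) with principal formula f."""
        k = f[0]
        if side == 'left':
            i = L.index(f); G, D = L[:i], L[i + 1:]
            if k == 'and': return [(G + [f[1], f[2]] + D, R)]
            if k == 'or': return [(G + [f[1]] + D, R), (G + [f[2]] + D, R)]
            if k == 'imp': return [(G + D, [f[1]] + R), ([f[2]] + G + D, R)]
            if k == 'not': return [(G + D, [f[1]] + R)]
            if k == 'all': return [(G + [subst(f[2], f[1], t) for t in ts] + [f] + D, R)]
            return [(G + [subst(f[2], f[1], y)] + D, R)]
        i = R.index(f); G, D = R[:i], R[i + 1:]
        if k == 'and': return [(L, G + [f[1]] + D), (L, G + [f[2]] + D)]
        if k == 'or': return [(L, G + [f[1], f[2]] + D)]
        if k == 'imp': return [([f[1]] + L, G + [f[2]] + D)]
        if k == 'not': return [([f[1]] + L, G + D)]
        if k == 'all': return [(L, G + [subst(f[2], f[1], y)] + D)]
        return [(L, G + [subst(f[2], f[1], t) for t in ts] + [f] + D)]

    def expand(self, node):
        """Procedure expand: antecedent formulas first (grow-left), then succedent."""
        for side, fs in (('left', node.left), ('right', node.right)):
            for f in fs:
                if f[0] == 'atom': continue
                ts, y = [], None
                if (side, f[0]) in (('left', 'all'), ('right', 'ex')):
                    ts = [u for u, form in self.term0 if f not in form]
                    for u, form in self.term1:        # FORM_1(k) := append(FORM_1(k), f)
                        if u in ts: form.append(f)
                    if not ts: continue               # every term already used with f
                elif f[0] in ('all', 'ex'):           # exists-left / forall-right
                    y = next(self.avail)              # y := head(AVAIL_0)
                    self.term1.append([y, []])        # TERM_1 := append(TERM_1, <y, nil>)
                for leaf in (l for l in node.leaves() if not l.is_axiom()):
                    leaf.kids = [Node(*c) for c in self.children(leaf.left, leaf.right, f, side, ts, y)]

    def run(self, max_rounds=50):
        """Procedure search; 'undecided' means the round cap was reached."""
        for _ in range(max_rounds):
            leaves = self.root.leaves()
            if all(self.finished(n) for n in leaves):
                return 'proof' if all(n.is_axiom() for n in leaves) else 'falsifiable'
            self.term1 = [[u, list(form)] for u, form in self.term0]   # TERM_1 := TERM_0
            for n in leaves:
                if not self.finished(n): self.expand(n)
            self.term0 = self.term1                                   # TERM_0 := TERM_1
        return 'undecided'

    def counterexample(self):
        """Open finished leaf read as a structure (theorem 5.4.1): domain t(TERM_0)."""
        leaf = next(n for n in self.root.leaves() if not n.is_axiom())
        return [u for u, _ in self.term0], {f for f in leaf.left if f[0] == 'atom'}

P = ('atom', 'P', ())            # examples 5.4.3 / 5.4.4: P propositional, Q unary
def Q(t): return ('atom', 'Q', (t,))
A_543 = ('imp', ('ex', 'x', ('imp', P, Q('x'))), ('imp', P, ('ex', 'z', Q('z'))))   # provable
A_544 = ('imp', ('ex', 'x', ('imp', P, Q('x'))), ('imp', P, ('all', 'z', Q('z'))))  # falsifiable

if __name__ == '__main__':
    for A in (A_543, A_544): s = Search([], [A]); print(s.run(), s.term0)
```

On A_543 the run reports a proof after three rounds with both y0 and y1 recorded against the formula ∃zQ(z), and on A_544 it stops on the finished nonaxiom leaf Q(y1), P → Q(y2) with domain {y0, y1, y2}, exactly as traced in the two examples.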


The following theorem is a generalization of theorem 3.4.1 to finite se- 
quents in first-order languages without function symbols (and without equal- 
ity). Recall that a closed tree is finite by definition. 


Theorem 5.4.1 Let [ — A be an input sequent in which no free variable 
occurs bound. (i) If ! > A is valid, then the procedure search halts with a 
closed tree T which is a proof tree for T > A. 


(ii) If [ — A is falsifiable, then either search halts with a finite counter- 
example tree T’ and IT — A can be falsified in a finite structure, or search 
generates an infinite tree T and [ — A can be falsified in a countably infinite 
structure. 


Proof: First, assume that the sequent [ — A is falsifiable. If the tree T 
was closed, by lemma 5.4.3, [ — A would be valid, a contradiction. Hence, 
either T is finite and contains some path to a nonaxiom leaf, or T is infinite 
and by K6nig’s lemma contains an infinite path. In either case, we show as 
in theorem 3.5.1 that a Hintikka set can be found along that path. Let U be 
the union of all formulae occurring in the left-hand side of each sequent along 
that path, and V the union of all formulae occurring in the right-hand side of 
any such sequent. Let 


S={TA|AcCU}U{FB|BeV}. 


We prove the following claim: 


Claim: S is a Hintikka set with respect to the term algebra consisting 
of the set H of terms in t(TERMo). 


Conditions HO, H1, and H2 are proved as in the propositional case (proof 
of lemma 3.5.2), and we only have to check that t(T ERM) is a term algebra, 
and conditions H3, H4, and H5. Since L does not contain function symbols, 
t(LERMp) is trivially closed under the operations (there are none). Since the 
constants occurring in the input sequent are put in t(TERM)), t((TERMo) isa 
term algebra. Since (TERM) is initialized with the list of free variables and 
constants occurring in the input sequent (or yo if this list is empty), and since 
every time a variable y is removed from the head of AVAILo, < y, < nil >> 
is added to TE RMo, H5 holds. Every time a formula C of type c is expanded, 
all substitution instances C(t) for all t in ((TERMo) that have not already 
been used with C' are added to the upper sequent. Hence, H3 is satisfied. 
Every time a formula D of type d is expanded, y is added to t((T ERM )) and 
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the substitution instance D(y) is added to the upper sequent. Hence, H4 is 
satisfied, and the claim holds. 


By lemma 5.4.5, some assignment $s$ satisfies $S$ in the structure $\mathbf{H}_S$. This implies that $\Gamma \to \Delta$ is falsified by $\mathbf{H}_S$ and $s$. Note that $H$ must be infinite if the tree $T$ is infinite. Otherwise, since we start with a finite sequent, every path would be finite and would end either with an axiom or a finished sequent.


If the sequent $\Gamma \to \Delta$ is valid, the tree $T$ must be finite and closed since otherwise, the above argument shows that $\Gamma \to \Delta$ is falsifiable.


As a corollary, we obtain a version of Gödel's completeness theorem for first-order languages without function symbols or equality.

Corollary If a sequent in which no variable occurs both free and bound (over a first-order language without function symbols or equality) is valid then it is G-provable.


In Section 5.5, we shall modify the search procedure to handle function symbols and possibly infinite sequents. Finally, in Section 5.6, we will adapt the procedure to deal with languages with equality.


PROBLEMS 


5.4.1. Give proof trees for the following formulae:

$\forall x A \supset A[t/x]$, $\quad A[t/x] \supset \exists x A$,

where $t$ is free for $x$ in $A$.

5.4.2. Let $x$, $y$ be any distinct variables. Let $A$ be any formula, $C$ any formula not containing the variable $x$ free, and let $E$ be any formula such that $x$ is free for $y$ in $E$. Give proof trees for the following formulae:

$\forall x C \equiv C$, $\quad \exists x C \equiv C$
$\forall x \forall y A \equiv \forall y \forall x A$, $\quad \exists x \exists y A \equiv \exists y \exists x A$
$\forall x \forall y E \supset \forall x E[x/y]$, $\quad \exists x E[x/y] \supset \exists x \exists y E$
$\forall x A \supset \exists x A$
$\exists x \forall y A \supset \forall y \exists x A$

5.4.3. Let $A$, $B$ be any formulae, and $C$ any formula not containing the variable $x$ free. Give proof trees for the following formulae:

$\neg \exists x A \equiv \forall x \neg A$, $\quad \neg \forall x A \equiv \exists x \neg A$
$\exists x A \equiv \neg \forall x \neg A$, $\quad \forall x A \equiv \neg \exists x \neg A$
$\forall x A \wedge \forall x B \equiv \forall x (A \wedge B)$, $\quad \exists x A \vee \exists x B \equiv \exists x (A \vee B)$
$C \wedge \forall x A \equiv \forall x (C \wedge A)$, $\quad C \vee \exists x A \equiv \exists x (C \vee A)$
$C \wedge \exists x A \equiv \exists x (C \wedge A)$, $\quad C \vee \forall x A \equiv \forall x (C \vee A)$
$\exists x (A \wedge B) \supset \exists x A \wedge \exists x B$, $\quad \forall x A \vee \forall x B \supset \forall x (A \vee B)$
5.4.4. Let $A$, $B$ be any formulae, and $C$ any formula not containing the variable $x$ free. Give proof trees for the following formulae:

$(C \supset \forall x A) \equiv \forall x (C \supset A)$, $\quad (C \supset \exists x A) \equiv \exists x (C \supset A)$
$(\forall x A \supset C) \equiv \exists x (A \supset C)$, $\quad (\exists x A \supset C) \equiv \forall x (A \supset C)$
$(\forall x A \supset \exists x B) \equiv \exists x (A \supset B)$
$(\exists x A \supset \forall x B) \supset \forall x (A \supset B)$

5.4.5. Give a proof tree for the following formula:

$\forall x \exists y (\neg P(x) \vee P(y))$.

5.4.6. Show that the rules $\forall$: right and $\exists$: left are not necessarily sound if $y$ occurs free in the lower sequent.

* 5.4.7. Let $L$ be a first-order language without function symbols and without equality. A first-order formula $A$ is called simple if, for every subformula of the form $\forall x B$ or $\exists x B$, $B$ is quantifier free.

Prove that the search procedure always terminates for simple formulae. Conclude that there is an algorithm for deciding validity of simple formulae.

5.4.8. Let $\Gamma \to \Delta$ be a finite sequent, let $x$ be any variable occurring free in $\Gamma \to \Delta$, and let $\Gamma[c/x] \to \Delta[c/x]$ be the result of substituting any constant $c$ for $x$ in all formulae in $\Gamma$ and in $\Delta$.

Prove that if $\Gamma[c/x] \to \Delta[c/x]$ is provable, then $\Gamma[y/x] \to \Delta[y/x]$ is provable for every variable $y$ not occurring in $\Gamma$ or in $\Delta$. Conclude that if $x$ does not occur in $\Gamma$ and $\Gamma \to A[c/x]$ is provable, then $\Gamma \to \forall x A$ is provable.

* 5.4.9. The language of a binary relation (simple directed graphs) consists of one binary predicate symbol $R$. The axiom for simple directed graphs is:

$$\forall x \forall y (R(x, y) \supset \neg R(y, x)).$$

This expresses that a simple directed graph has no cycles of length $\leq 2$. Let $T_1$ contain the above axiom together with the axiom

$$\forall x \exists y R(x, y)$$

asserting that every node has an outgoing edge.

(a) Find a model for $T_1$ having three elements.

Let $T_2$ be $T_1$ plus the density axiom:

$$\forall x \forall y (R(x, y) \supset \exists z (R(x, z) \wedge R(z, y))).$$

(b) Find a model for $T_2$. Find a seven-node graph model of $T_2$.
5.5 Completeness for Languages with Function Symbols and no Equality

In order to deal with (countably) infinite sequents, we shall use the technique for building a tree used in Section 3.5. First, we need to deal with function symbols.


5.5.1 Organizing the Terms for Languages with Function Symbols and no Equality

Function symbols are handled in the following way. First, we can assume without loss of generality that the set of variables $\mathbf{V}$ is the disjoint union of two countably infinite sets $\{x_0, x_1, x_2, \ldots\}$ and $\{y_0, y_1, y_2, \ldots\}$ and that only variables in the first set (the $x$'s) are used to build formulae. In this way, $\{y_0, y_1, y_2, \ldots\}$ is an infinite supply of new variables. Let $\Gamma \to \Delta$ be a possibly infinite sequent. As before, using lemma 5.3.4, we can assume that the set of variables occurring free in $\Gamma \to \Delta$ is disjoint from the set of variables occurring bound in $\Gamma \to \Delta$.

Let $L'$ be the reduct of $L$ consisting of the constant, function and predicate symbols occurring in formulae in $\Gamma \to \Delta$. If the set of constants and free variables occurring in $\Gamma \to \Delta$ is nonempty, let

$$TERMS = \langle u_0, u_1, \ldots, u_k, \ldots \rangle$$

be an enumeration of all $L'$-terms constructed from the variables occurring free in formulae in $\Gamma \to \Delta$, and the constant and function symbols in $L'$. Otherwise, let

$$TERMS = \langle y_0, u_1, \ldots, u_k, \ldots \rangle$$

be an enumeration of all the terms constructed from the variable $y_0$ and the function symbols in $L'$.

Let

$$TERM_0 = \langle\langle head(TERMS), nil \rangle\rangle$$

and let

$$AVAIL_0 = tail(TERMS).$$

For any $i \geq 1$, let $AVAIL_i$ be an enumeration of the set of all $L'$-terms actually containing some occurrence of $y_i$ and constructed from the variables occurring free in formulae in $\Gamma \to \Delta$, the constant and function symbols occurring in $\Gamma \to \Delta$, and the variables $y_1, \ldots, y_i$. We assume that such an enumeration begins with $y_i$ and is of the form

$$AVAIL_i = \langle y_i, w_{i,1}, \ldots, w_{i,j}, \ldots \rangle.$$
EXAMPLE 5.5.1

Assume that $L'$ contains a constant symbol $a$, and the function symbols $f$ of rank 2, and $g$ of rank 1. Then, a possible enumeration of $TERMS$ is the following:

$$TERMS = \langle a, g(a), f(a, a), g(g(a)), g(f(a, a)), f(g(a), a), f(a, g(a)), f(g(a), g(a)), \ldots \rangle.$$

Hence, $TERM_0 = \langle\langle a, nil \rangle\rangle$, and

$$AVAIL_0 = \langle g(a), f(a, a), g(g(a)), g(f(a, a)), f(g(a), a), f(a, g(a)), f(g(a), g(a)), \ldots \rangle.$$

For $i = 1$, a possible enumeration of $AVAIL_1$ is:

$$AVAIL_1 = \langle y_1, g(y_1), f(a, y_1), f(y_1, a), f(y_1, y_1), g(g(y_1)), g(f(a, y_1)), g(f(y_1, a)), g(f(y_1, y_1)), \ldots \rangle.$$


Each time a rule $\forall$: right or $\exists$: left is applied, we use as the variable $y$ the first $y_i$ of $y_1, y_2, \ldots$ not yet activated, append $y_i$ to $t(TERM_0)$, and delete $y_i$ from the list $AVAIL_i$. We use a counter $NUMACT$ to record the number of variables $y_1, y_2, \ldots$ thus far activated. Initially $NUMACT = 0$, and every time a new $y_i$ is activated $NUMACT$ is incremented by 1.

In a $\forall$: left or $\exists$: right step, all the terms in $t(TERM_0)$ thus far activated are available as terms $t$. Furthermore, at the end of every round, the head of every available list $AVAIL_i$ thus far activated (with $0 \leq i \leq NUMACT$) is appended to $t(TERM_0)$ and deleted from $AVAIL_i$. Thus, along any path in the tree that does not close, once any term in an $AVAIL_i$ list is activated, every term in the list is eventually activated.

Note that if the sets $\mathbf{FS}$ and $\mathbf{CS}$ are effective (recursive), recursive functions enumerating the lists $t(TERM_0)$ and $AVAIL_i$ ($i \geq 0$) can be written (these lists are in fact recursive).

The definition of a finished leaf is the following: A leaf of the tree is finished if either

(1) It is an axiom, or

(2) $L$ and $R$ (as defined in subsection 3.5.2) are empty, and the sequent only contains atoms or formulae $\forall x A$ on the left (or $\exists x A$ on the right) belonging to all lists $FORM_0(i)$, for all $\langle u_i, FORM_0(i) \rangle$ in $TERM_0$; that is, every such formula has already been instantiated with every activated term.
5.5.2 The Search Procedure for Languages with Function Symbols and no Equality

The search procedure (and its subprograms) are revised as follows.

Definition 5.5.1 The search procedure.

Procedure Search

procedure search(Γ_0 → Δ_0 : sequent; var T : tree);
begin
  L := tail(Γ_0); Γ := head(Γ_0);
  R := tail(Δ_0); Δ := head(Δ_0);
  let T be the one-node tree labeled with Γ → Δ;
  let TERM_0 and AVAIL_i, 0 ≤ i, be initialized as explained in section 5.5.1;
  NUMACT := 0;
  while not all leaves of T are finished do
    TERM_1 := TERM_0; T_0 := T;
    for each leaf node of T_0 (in lexicographic order of tree addresses) do
      if not finished(node) then
        expand(node, T)
      endif
    endfor;
    TERM_0 := TERM_1; L := tail(L); R := tail(R);
    for i := 0 to NUMACT do
      TERM_0 := append(TERM_0, ⟨head(AVAIL_i), nil⟩);
      AVAIL_i := tail(AVAIL_i)
    endfor
  endwhile;
  if all leaves are closed
  then write('T is a proof of Γ_0 → Δ_0')
  else write('Γ_0 → Δ_0 is falsifiable')
  endif
end

The procedures expand, grow-left, and grow-right follow.
procedure expand(node : tree-address; var T : tree);
begin
  let A_1, ..., A_m → B_1, ..., B_n be the label of node;
  let S be the one-node tree labeled with A_1, ..., A_m → B_1, ..., B_n;
  for i := 1 to m do
    if nonatomic(A_i) then
      grow-left(A_i, S)
    endif
  endfor;
  for i := 1 to n do
    if nonatomic(B_i) then
      grow-right(B_i, S)
    endif
  endfor;
  for each leaf u of S do
    let Γ → Δ be the label of u;
    Γ' := Γ, head(L);
    Δ' := Δ, head(R);
    create a new node u1 labeled with Γ' → Δ'
  endfor;
  T := dosubstitution(T, node, S)
end


procedure grow-left(A : formula; var S : tree);
begin
  case A of
    B ∧ C, B ∨ C, B ⊃ C, ¬B :
      extend every nonaxiom leaf of S using the left rule corresponding
      to the main propositional connective;
    ∀xB :
      for every term u_k ∈ t(TERM_0) such that A is not in FORM_0(k) do
        extend every nonaxiom leaf of S by applying the ∀: left rule
        using the term u_k as one of the terms of the rule.
        In TERM_1, let FORM_1(k) := append(FORM_1(k), A)
      endfor;
    ∃xB :
      NUMACT := NUMACT + 1;
      extend every nonaxiom leaf of S by applying the ∃: left rule
      using y = head(AVAIL_NUMACT) as the new variable;
      TERM_1 := append(TERM_1, ⟨y, nil⟩);
      AVAIL_NUMACT := tail(AVAIL_NUMACT)
  endcase
end
procedure grow-right(A : formula; var S : tree);
begin
  case A of
    B ∧ C, B ∨ C, B ⊃ C, ¬B :
      extend every nonaxiom leaf of S using the right rule corresponding
      to the main propositional connective;
    ∃xB :
      for every term u_k ∈ t(TERM_0) such that A is not in FORM_0(k) do
        extend every nonaxiom leaf of S by applying the ∃: right rule
        using the term u_k as one of the terms of the rule.
        In TERM_1, let FORM_1(k) := append(FORM_1(k), A)
      endfor;
    ∀xB :
      NUMACT := NUMACT + 1;
      extend every nonaxiom leaf of S by applying the ∀: right rule
      using y = head(AVAIL_NUMACT) as the new variable;
      TERM_1 := append(TERM_1, ⟨y, nil⟩);
      AVAIL_NUMACT := tail(AVAIL_NUMACT)
  endcase
end

Let us give an example illustrating this new version of the search procedure.


EXAMPLE 5.5.2

Let

$$A = (\forall x P(x) \wedge \exists y Q(y)) \supset (P(f(v)) \wedge \exists z Q(z)),$$

where $P$ and $Q$ are unary predicate symbols, and $f$ is a unary function symbol. The variable $v$ is free in $A$. Initially,

$$TERM_0 = \langle\langle v, nil \rangle\rangle, \qquad AVAIL_0 = \langle f(v), f(f(v)), \ldots, f^n(v), \ldots \rangle,$$

and for $i \geq 1$,

$$AVAIL_i = \langle y_i, f(y_i), \ldots, f^n(y_i), \ldots \rangle.$$

After the first round, we have the following tree (the root is written last, and each sequent is written above the sequent it is inferred from):

$\forall x P(x) \wedge \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\to \forall x P(x) \wedge \exists y Q(y) \supset P(f(v)) \wedge \exists z Q(z)$

At the end of this round,

$$TERM_0 = \langle\langle v, nil \rangle, \langle f(v), nil \rangle\rangle, \qquad AVAIL_0 = \langle f^2(v), \ldots, f^n(v), \ldots \rangle,$$

and for $i \geq 1$, $AVAIL_i$ is unchanged. After the second round, we have the following tree, whose top node has the two leaves written on the first line above it:

$\forall x P(x), \exists y Q(y) \to P(f(v)) \qquad\qquad \forall x P(x), \exists y Q(y) \to \exists z Q(z)$
$\forall x P(x), \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\forall x P(x) \wedge \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\to \forall x P(x) \wedge \exists y Q(y) \supset P(f(v)) \wedge \exists z Q(z)$

At the end of this round,

$$TERM_0 = \langle\langle v, nil \rangle, \langle f(v), nil \rangle, \langle f(f(v)), nil \rangle\rangle, \qquad AVAIL_0 = \langle f^3(v), \ldots, f^n(v), \ldots \rangle,$$

and for $i \geq 1$, $AVAIL_i$ is unchanged. After the third round, the two leaves of the previous tree have been extended into the subtrees $T_1$ and $T_2$, the rest of the tree being unchanged:

$T_1 \qquad\qquad T_2$
$\forall x P(x), \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\forall x P(x) \wedge \exists y Q(y) \to P(f(v)) \wedge \exists z Q(z)$
$\to \forall x P(x) \wedge \exists y Q(y) \supset P(f(v)) \wedge \exists z Q(z)$

where the tree $T_1$ is the proof tree

$P(v), P(f(v)), P(f(f(v))), \forall x P(x), \exists y Q(y) \to P(f(v))$
$\forall x P(x), \exists y Q(y) \to P(f(v))$

and the tree $T_2$ is the tree

$\mathbf{P}, \forall x P(x), Q(y_1) \to Q(v), Q(f(v)), Q(f(f(v))), \exists z Q(z)$
$P(v), P(f(v)), P(f(f(v))), \forall x P(x), Q(y_1) \to \exists z Q(z)$
$P(v), P(f(v)), P(f(f(v))), \forall x P(x), \exists y Q(y) \to \exists z Q(z)$
$\forall x P(x), \exists y Q(y) \to \exists z Q(z)$

where

$$\mathbf{P} = P(v), P(f(v)), P(f(f(v))).$$

Note that $T_1$ closes as soon as the $\forall$: left instances are added, so the $\exists$: left rule is not applied to it and $y_1$ is used in $T_2$ only. At the end of this round,

$$TERM_0 = \langle\langle v, \langle \forall x P(x), \exists z Q(z) \rangle\rangle, \langle f(v), \langle \forall x P(x), \exists z Q(z) \rangle\rangle, \langle f(f(v)), \langle \forall x P(x), \exists z Q(z) \rangle\rangle, \langle y_1, nil \rangle, \langle f^3(v), nil \rangle, \langle f(y_1), nil \rangle\rangle,$$

$$AVAIL_0 = \langle f^4(v), \ldots, f^n(v), \ldots \rangle, \qquad AVAIL_1 = \langle f^2(y_1), \ldots, f^n(y_1), \ldots \rangle,$$

and for $i > 1$, $AVAIL_i$ is unchanged. At the end of the fourth round, $T_2$ expands into the following proof tree:

$\mathbf{P}', Q(y_1) \to Q(v), Q(f(v)), Q(f(f(v))), Q(y_1), Q(f^3(v)), Q(f(y_1)), \exists z Q(z)$
$\mathbf{P}, \forall x P(x), Q(y_1) \to Q(v), Q(f(v)), Q(f(f(v))), \exists z Q(z)$
$P(v), P(f(v)), P(f(f(v))), \forall x P(x), Q(y_1) \to \exists z Q(z)$
$P(v), P(f(v)), P(f(f(v))), \forall x P(x), \exists y Q(y) \to \exists z Q(z)$
$\forall x P(x), \exists y Q(y) \to \exists z Q(z)$

where $\mathbf{P}'$ stands for $\mathbf{P}, P(y_1), P(f^3(v)), P(f(y_1)), \forall x P(x)$, the instances added by the $\forall$: left rule for the three terms activated at the end of the third round. The top sequent is an axiom because $Q(y_1)$ occurs on both sides.
EXAMPLE 5.5.3

Let

$$A = (\exists x P(x) \wedge Q(a)) \supset \forall y P(f(y)).$$

Initially, $TERM_0 = \langle\langle a, nil \rangle\rangle$, and

$$AVAIL_0 = \langle f(a), f^2(a), \ldots, f^n(a), \ldots \rangle.$$

At the end of the first round, the following tree is obtained:

$\exists x P(x) \wedge Q(a) \to \forall y P(f(y))$
$\to \exists x P(x) \wedge Q(a) \supset \forall y P(f(y))$

At the end of the round,

$$TERM_0 = \langle\langle a, nil \rangle, \langle f(a), nil \rangle\rangle, \qquad AVAIL_0 = \langle f^2(a), \ldots, f^n(a), \ldots \rangle.$$

At the end of the second round, the following tree is obtained:

$\exists x P(x), Q(a) \to P(f(y_1))$
$\exists x P(x) \wedge Q(a) \to \forall y P(f(y))$
$\to \exists x P(x) \wedge Q(a) \supset \forall y P(f(y))$

At the end of this round (the variable $y_1$ was activated during the round, and the heads $f^2(a)$ of $AVAIL_0$ and $f(y_1)$ of $AVAIL_1$ at its end),

$$TERM_0 = \langle\langle a, nil \rangle, \langle f(a), nil \rangle, \langle y_1, nil \rangle, \langle f^2(a), nil \rangle, \langle f(y_1), nil \rangle\rangle,$$

$$AVAIL_0 = \langle f^3(a), \ldots, f^n(a), \ldots \rangle, \qquad AVAIL_1 = \langle f^2(y_1), \ldots, f^n(y_1), \ldots \rangle.$$

At the end of the third round, the following tree is obtained:

$P(y_2), Q(a) \to P(f(y_1))$
$\exists x P(x), Q(a) \to P(f(y_1))$
$\exists x P(x) \wedge Q(a) \to \forall y P(f(y))$
$\to \exists x P(x) \wedge Q(a) \supset \forall y P(f(y))$

This tree is a finished nonclosed tree, since all formulae in the top sequent are atomic. A counter example is given by the structure having

$$H = \langle a, f(a), \ldots, f^n(a), \ldots, y_1, f(y_1), \ldots, f^n(y_1), \ldots, y_2, f(y_2), \ldots, f^n(y_2), \ldots \rangle$$

as its domain, and by interpreting $P$ as taking the value $\mathbf{T}$ for $y_2$ and $\mathbf{F}$ for $f(y_1)$, and $Q$ as taking the value $\mathbf{T}$ for $a$.
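The program below is an added example and not code from the book: it implements the term scheduling of Section 5.5.1 ($TERM_0$, the $AVAIL_i$ lists and $NUMACT$) and the round-based search of Definition 5.5.1 for a language with function symbols and no equality, and reruns Examples 5.5.2 and 5.5.3. The tuple encoding of terms and formulae, the function names and the depth-first order used to enumerate $TERMS$ are choices made here, not the book's. Since every $AVAIL_i$ list is infinite as soon as a function symbol is present, the lists are Python generators consumed one head at a time, exactly as the procedure does; a `used` set per leaf plays the role of the $FORM_0(k)$ lists. On Example 5.5.2 every leaf closes after four rounds, with $TERM_0$ growing in the order shown in the text; on Example 5.5.3 the search stops after three rounds with the finished leaf $Q(a), P(y_2) \to P(f(y_1))$, whose atoms give the counter-example of the text.

```python
from itertools import product
# Terms are a str (variable or constant) or (fname, (arg, ...)); formulas are
# ('atom', P, args), ('not', A), ('and'|'or'|'imp', A, B), ('forall'|'exists', x, A).
# The input sequent is assumed rectified (no variable both free and bound, lemma
# 5.3.4), so substitution needs no capture check. Fresh variables are y1, y2, ...

def subst(e, x, s):  # e[s/x] for a term or a formula; tags never clash with variables
    if isinstance(e, str):
        return s if e == x else e
    if e[0] in ('forall', 'exists') and e[1] == x:
        return e
    return tuple(subst(c, x, s) for c in e)

def contains(t, x):  # does the variable x occur in the term t?
    return t == x if isinstance(t, str) else any(contains(a, x) for a in t[1])

def terms(base, funcs):
    """The enumeration TERMS of Section 5.5.1: all terms over base and the function
    symbols funcs ({name: arity}) by increasing depth; infinite iff funcs is nonempty."""
    level, seen = list(base), []
    while level:
        yield from level
        seen += level
        level = [(f, args) for f, n in funcs.items() for args in product(seen, repeat=n)
                 if any(a in level for a in args)]  # at least one argument of maximal depth

GAMMA = {('forall', 'L'), ('exists', 'R')}  # the rules instantiated with every active term

def closed(b):  # axiom test: some atom occurs on both sides of the leaf
    return any(A in b['R'] for A in b['L'] if A[0] == 'atom')

def finished(b, active):  # axiom, or only atoms and gamma-formulas used with every active term
    return closed(b) or not any(A[0] != 'atom' and ((A[0], side) not in GAMMA or any(
        (side, A, t) not in b['used'] for t in active)) for side in 'LR' for A in b[side])

def search(left, right, base, funcs, max_rounds=50):
    """Round-based search of Definition 5.5.1 for the sequent left -> right. base holds
    the free variables and constants of the sequent (y0 is used if there are none).
    Returns ('proof', rounds), ('falsifiable', leaf) for a finished non-closed leaf,
    or ('unknown', None) once max_rounds have been run."""
    base = list(base) or ['y0']
    numact = 0

    def avail_list(i):  # AVAIL_i: the terms containing y_i, with y_i first
        yi = f'y{i}'
        return (t for t in terms(base + [f'y{j}' for j in range(1, i + 1)], funcs) if contains(t, yi))

    avail = [terms(base, funcs)]
    active = [next(avail[0])]  # TERM_0 = <head(TERMS)>, AVAIL_0 = tail(TERMS)
    leaves = [{'L': list(left), 'R': list(right), 'used': set()}]

    def step(b, side, A):  # apply the G-rule for A on `side` of branch b; returns new branches
        nonlocal numact
        L = [F for F in b['L'] if F != A or side == 'R']
        R = [F for F in b['R'] if F != A or side == 'L']
        mk = lambda l=(), r=(): {'L': L + list(l), 'R': R + list(r), 'used': set(b['used'])}
        k = A[0]
        if k == 'not':
            return [mk(r=[A[1]])] if side == 'L' else [mk(l=[A[1]])]
        if k == 'and':
            return [mk(l=[A[1], A[2]])] if side == 'L' else [mk(r=[A[1]]), mk(r=[A[2]])]
        if k == 'or':
            return [mk(l=[A[1]]), mk(l=[A[2]])] if side == 'L' else [mk(r=[A[1], A[2]])]
        if k == 'imp':
            return [mk(r=[A[1]]), mk(l=[A[2]])] if side == 'L' else [mk(l=[A[1]], r=[A[2]])]
        x, B = A[1], A[2]
        if (k, side) in GAMMA:  # keep A; add B[t/x] for every active term not yet used with A
            inst = [subst(B, x, t) for t in snapshot if (side, A, t) not in b['used']]
            nb = mk(l=inst + [A]) if side == 'L' else mk(r=inst + [A])
            nb['used'] |= {(side, A, t) for t in snapshot}
            return [nb]
        numact += 1  # delta rule: activate the next fresh variable y_i and start AVAIL_i
        avail.append(avail_list(numact))
        y = next(avail[-1])
        active.append(y)
        return [mk(l=[subst(B, x, y)])] if side == 'L' else [mk(r=[subst(B, x, y)])]

    rounds = 0
    while True:
        snapshot = list(active)  # TERM_0 as the gamma rules see it during this round
        if all(finished(b, snapshot) for b in leaves):
            bad = [b for b in leaves if not closed(b)]
            return ('proof', rounds) if not bad else ('falsifiable', bad[0])
        if rounds == max_rounds:
            return ('unknown', None)
        new_leaves = []
        for leaf in leaves:
            branches = [leaf]
            if not finished(leaf, snapshot):
                for side in 'LR':
                    for A in leaf[side]:
                        if A[0] != 'atom':  # extend every non-axiom leaf of the subtree
                            branches = [nb for b in branches for nb in ([b] if closed(b) else step(b, side, A))]
            new_leaves += branches
        leaves, rounds = new_leaves, rounds + 1
        for i in range(numact + 1):  # end of round: activate head(AVAIL_i) for every active list
            t = next(avail[i], None)
            if t is not None:
                active.append(t)

# Constructed inputs: the formulas of Examples 5.5.2 and 5.5.3.
P, Q, f = (lambda t: ('atom', 'P', (t,))), (lambda t: ('atom', 'Q', (t,))), (lambda t: ('f', (t,)))
EXAMPLE_552 = ('imp', ('and', ('forall', 'x', P('x')), ('exists', 'y', Q('y'))),
                      ('and', P(f('v')), ('exists', 'z', Q('z'))))
EXAMPLE_553 = ('imp', ('and', ('exists', 'x', P('x')), Q('a')), ('forall', 'y', P(f('y'))))
```

`search([], [EXAMPLE_552], ['v'], {'f': 1})` returns `('proof', 4)` and `search([], [EXAMPLE_553], ['a'], {'f': 1})` returns the falsifiable leaf. The `max_rounds` bound is the practical face of the semidecision remark made after theorem 5.5.1: a non-valid sequent that keeps a $\forall$: left or $\exists$: right formula alive is never finished, because $TERM_0$ grows at the end of every round and the formula must be instantiated again.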


5.5.3 Completeness of the System G (Languages Without Equality)

We can now prove the following fundamental theorem.

Theorem 5.5.1 Let $\Gamma_0 \to \Delta_0$ be an input sequent in which no free variable occurs bound.

(i) If $\Gamma_0 \to \Delta_0$ is valid, then the procedure search halts with a closed tree $T$, from which a proof tree for a finite subsequent $C_1, \ldots, C_m \to D_1, \ldots, D_n$ of $\Gamma_0 \to \Delta_0$ can be constructed.

(ii) If $\Gamma_0 \to \Delta_0$ is falsifiable, then there is a Hintikka set $S$ such that either

(a) Procedure search halts with a finite counter-example tree $T$ and, if we let

$$H_S = t(TERM_0) \cup \bigcup \{AVAIL_i \mid 0 \leq i \leq NUMACT\}$$

(each list being viewed as the set of its terms), $\Gamma_0 \to \Delta_0$ is falsifiable in a structure with countable domain $H_S$; or

(b) Procedure search generates an infinite tree $T$ and, if we let $H_S = t(TERM_0)$, then $\Gamma_0 \to \Delta_0$ is falsifiable in a structure with countable domain $H_S$.


Proof: The proof combines techniques from the proof of theorem 5.4.1 and the proof of theorem 3.5.1. The difference with the proof of theorem 5.4.1 is that a closed tree $T$ is not exactly a proof tree, and that it is necessary to modify the tree $T$ in order to obtain a proof tree.

Assume that search produces a closed tree, and let $C_1, \ldots, C_m$ be the initial subsequence of formulae in $\Gamma_0$ which were deleted from $\Gamma_0$ to obtain $L$, and $D_1, \ldots, D_n$ the initial subsequence of formulae in $\Delta_0$ which were deleted from $\Delta_0$ to obtain $R$. A proof tree for the finite sequent $C_1, \ldots, C_m \to D_1, \ldots, D_n$ can easily be obtained from $T$, using the following technique:

First, starting from the root and proceeding bottom-up, for each node $\Gamma, head(L) \to \Delta, head(R)$ at depth $k$ created at the end of a call to procedure expand, add $head(L)$ after the rightmost formula in the premise of every sequent at depth less than $k$, and add $head(R)$ after the rightmost formula in the conclusion of every sequent at depth less than $k$, obtaining the tree $T'$. Then, a proof tree $T''$ for $C_1, \ldots, C_m \to D_1, \ldots, D_n$ is constructed from $T'$ by deleting all duplicate nodes. The tree $T''$ is a proof tree because the same inference rules that have been used in $T$ are used in $T''$.


If $T$ is not a closed tree, along a finite or infinite path we obtain a set $S$ of signed formulae as in the proof of theorem 5.4.1. We show the following claim:

Claim: The set $H_S$ of terms defined in clause (ii) of theorem 5.5.1 is a term algebra (over the reduct $L'$), and $S$ is a Hintikka set with respect to $H_S$.

To prove the claim, as in theorem 5.4.1, we only need to prove that $H_S$ is a term algebra, and that H3, H4, and H5 hold. We can assume that $L'$ contains function symbols since the other case has been covered by theorem 5.4.1. Since $L'$ contains function symbols, all the sets $AVAIL_i$ ($i \geq 0$) are countably infinite.


First, observe that every variable free in $S$ is either a variable free in the input sequent or one of the activated variables. Since

(i) $t(TERM_0)$ and $AVAIL_0$ are initialized in such a way that the variables free in the input sequent belong to the union of $t(TERM_0)$ and $AVAIL_0$,

(ii) whenever a new variable $y_i$ is removed from the head of the list $AVAIL_i$, it is added to $t(TERM_0)$, and

(iii) at the end of every round the head of every activated list (of the form $AVAIL_i$, for $0 \leq i \leq NUMACT$) is removed from that list and added to $t(TERM_0)$,

it follows from (i)-(iii) that all variables free in $S$ are in $t(TERM_0) \cup \bigcup \{AVAIL_i \mid 0 \leq i \leq NUMACT\}$ if $T$ is finite or in $t(TERM_0)$ if $T$ is infinite, and condition H5 holds.


Observe that if $T$ is finite, from (i), (ii), and (iii) it also follows that $t(TERM_0) \cup \bigcup \{AVAIL_i \mid 0 \leq i \leq NUMACT\}$ contains the set of all terms built up from the variables free in the input sequent, the variables activated during applications of $\exists$: left or $\forall$: right rules, and the constant and function symbols occurring in the input sequent. Hence, $H_S$ is closed under the function symbols in $L'$, and it is a term algebra.

If $T$ is infinite, all the terms in all the activated lists $AVAIL_i$ are eventually transferred to $t(TERM_0)$, and conditions (i) to (iii) also imply that $t(TERM_0)$ contains the set of all terms built up from the variables free in the input sequent, the variables activated during applications of $\exists$: left or $\forall$: right rules, and the constant and function symbols occurring in the input sequent. Hence, $H_S = t(TERM_0)$ is a term algebra.

If $T$ is infinite, condition H5 also follows from (i) to (iii).

Every time a formula $C$ of type $c$ is expanded, all substitution instances $C(t)$ for all $t$ in $t(TERM_0)$ which have not already been used with $C$ are added to the upper sequent. Hence, H3 is satisfied. Every time a formula $D$ of type $d$ is expanded, the new variable $y_i$ removed from $AVAIL_i$ is added to $t(TERM_0)$ and the substitution instance $D(y_i)$ is added to the upper sequent. Hence, H4 is satisfied, and the claim holds.

Since $S$ is a Hintikka set, by lemma 5.4.5, some assignment $s$ satisfies $S$ in a structure $\mathbf{H}_S$ with domain $H_S$, and so, $\Gamma_0 \to \Delta_0$ is falsified by $\mathbf{H}_S$ and $s$.


Corollary (A version of Gödel's extended completeness theorem for G) A sequent in which no variable occurs both free and bound (even infinite) is valid iff it is G-provable.


As a second corollary, we obtain the following useful result. 


Corollary There is an algorithm for deciding whether a finite sequent con- 
sisting of quantifier-free formulae is valid. 


Proof: Observe that for quantifier-free formulae, the search procedure 
never uses the quantifier rules. Hence, it behaves exactly as in the proposi- 
tional case, and the result follows from theorem 3.4.1. 


Unfortunately, this second corollary does not hold for all formulae. In- 
deed, it can be shown that there is no algorithm for deciding whether any 
given first-order formula is valid. This is known as Church’s theorem. A 
proof of Church’s theorem can be found in Enderton, 1972, or Kleene, 1952. 
A particularly concise and elegant proof due to Floyd is also given in Manna, 
1974. 
The completeness theorem only provides a semidecision procedure, in the sense that if a formula is valid, this can be demonstrated in a finite number of steps, but if it is falsifiable, the procedure may run forever.


Even though the search procedure provides a rather natural proof pro- 
cedure which is theoretically complete, in practice it is extremely inefficient 
in terms of the number of steps and the amount of memory needed. 


This is illustrated by the very simple formulae of example 5.5.2 and example 5.5.3, for which it is already laborious to apply the search procedure. The main difficulty is the proper choice of terms in applications of the $\forall$: left and $\exists$: right rules. In particular, note that the ordering of the terms in the lists $t(TERM_0)$ and $AVAIL_i$ can have a drastic influence on the length of proofs.


After having tried the search procedure on several examples, the fol- 
lowing fact emerges: It is highly desirable to perform all the quantifier rules 
first, in order to work as soon as possible on quantifier-free formulae. Indeed, 
by the second corollary to the completeness theorem, proving quantifier-free 
formulae is a purely mechanical process. 


It will be shown in the next chapter that provided that the formulae in 
the input sequent have a certain form, if such a sequent is provable, then it 
has a proof in which all the quantifier inferences are performed below all the 
propositional inferences. This fact will be formally established by Gentzen’s 
sharpened Hauptsatz, proved in Chapter 7. Hence, the process of finding a 
proof can be viewed as a two-step procedure: 


(1) In the first step, one attempts to "guess" the right terms used in $\forall$: left and $\exists$: right inferences;


(2) In the second step, one checks that the quantifier-free formula ob- 
tained in step 1 is a tautology. 


A rigorous justification of this method will be given by Herbrand’s the- 
orem, proved in Chapter 7. The resolution method for first-order logic pre- 
sented in Chapter 8 can be viewed as an improvement of the above method. 


For the time being, we consider some applications of theorem 5.5.1. The 
following theorems are easily obtained as consequences of the main theorem. 


5.5.4 Löwenheim-Skolem, Compactness, and Model Existence Theorems for Languages Without Equality

The following result known as Löwenheim-Skolem's theorem is often used in model theory.

Theorem 5.5.2 (Löwenheim-Skolem) If a set of formulae $\Gamma$ is satisfiable in some structure $\mathbf{M}$, then it is satisfiable in a structure whose domain is at most countably infinite.

Proof: It is clear that $\Gamma \to$ is falsifiable in $\mathbf{M}$. By theorem 5.5.1, the search procedure yields a tree from which a Hintikka set $S$ can be obtained. But the domain $H_S$ of $\mathbf{H}_S$ is at most countably infinite since it consists of terms built from countable sets. Hence, $\mathbf{H}_S$ is a countable structure in which $\Gamma$ is satisfiable.


The other results obtained as consequences of theorem 5.5.1 are coun- 
terparts of theorem 3.5.3, theorem 3.5.4, and lemma 3.5.4. The proofs are 
similar and use structures instead of valuations. 


Theorem 5.5.3 (Compactness theorem) For any (possibly countably infinite) set $\Gamma$ of formulae, if every nonempty finite subset of $\Gamma$ is satisfiable then $\Gamma$ is satisfiable.


Proof: Similar to that of theorem 3.5.3. 


Recall that a set $\Gamma$ of formulae is consistent if there exists some formula $A$ such that $C_1, \ldots, C_m \to A$ is not G-provable for any $C_1, \ldots, C_m$ in $\Gamma$.


Theorem 5.5.4 (Model existence theorem) If a set $\Gamma$ of formulae is consistent then it is satisfiable.


Proof: Similar to that of theorem 3.5.4. 


Note that the search procedure will actually yield a structure $\mathbf{H}_S$ for each Hintikka set $S$ arising along each nonclosed path in the tree $T$, in which $S$ and $\Gamma$ are satisfiable.


Lemma 5.5.1 (Consistency lemma) If a set $\Gamma$ of formulae is satisfiable then it is consistent.


Proof: Similar to that of lemma 3.5.4. 


5.5.5 Maximal Consistent Sets 


The concept of a maximal consistent set introduced in definition 3.5.9 is gen- 
eralized directly to sets of first-order formulae: 


A consistent set $\Gamma$ of first-order formulae (without equality) is maximally consistent (or a maximal consistent set) iff, for every consistent set $\Delta$, if $\Gamma \subseteq \Delta$, then $\Gamma = \Delta$. Equivalently, every proper superset of $\Gamma$ is inconsistent. Lemma 3.5.5 can be easily generalized to the first-order case.


Lemma 5.5.2 Given a first-order language (without equality), every consistent set $\Gamma$ is a subset of some maximal consistent set $\Delta$.


Proof: Almost identical to that of lemma 3.5.5, but using structures 
instead of valuations. 
It is possible, as indicated in Section 3.5 for propositional logic, to prove lemma 5.5.2 directly, and use lemma 5.5.2 to prove the model existence theorem (theorem 5.5.4). From the model existence theorem, the extended Gödel completeness theorem can be shown (corollary to theorem 5.5.1). Using this approach, it is necessary to use a device due to Henkin known as adding witnesses. Roughly speaking, this is necessary to show that a Henkin maximal consistent set is a Hintikka set with respect to a certain term algebra. The addition of witnesses is necessary to ensure condition H4 of Hintikka sets. Such an approach is explored in the problems and for details, we refer the reader to Enderton, 1972; Chang and Keisler, 1973; or Van Dalen, 1980.


PROBLEMS 


5.5.1. Using the search procedure, find counter examples for the formulae:

$\exists x A \wedge \exists x B \supset \exists x (A \wedge B)$
$\forall y \exists x A \supset \exists x \forall y A$
$\exists x A \supset \forall x A$

5.5.2. Using the search procedure, prove that the following formula is valid:

$\neg \exists y \forall x (S(y, x) \equiv \neg S(x, x))$

5.5.3. Using the search procedure, prove that the following formulae are valid:

$\forall x A \supset A[t/x]$,
$A[t/x] \supset \exists x A$,

where $t$ is free for $x$ in $A$.


5.5.4. This problem is a generalization of the Hilbert system H of problem 3.4.9 to first-order logic. For simplicity, we first treat the case of first-order languages without equality. The Hilbert system H for first-order logic (without equality) over the language using the connectives $\wedge$, $\vee$, $\supset$, $\neg$, $\forall$ and $\exists$ is defined as follows:

The axioms are all formulae given below, where $A$, $B$, $C$ denote arbitrary formulae.

$A \supset (B \supset A)$
$(A \supset B) \supset ((A \supset (B \supset C)) \supset (A \supset C))$
$A \supset (B \supset (A \wedge B))$
$A \supset (A \vee B)$, $\quad B \supset (A \vee B)$
$(A \supset B) \supset ((A \supset \neg B) \supset \neg A)$
$(A \wedge B) \supset A$, $\quad (A \wedge B) \supset B$
$(A \supset C) \supset ((B \supset C) \supset ((A \vee B) \supset C))$
$\neg \neg A \supset A$
$\forall x A \supset A[t/x]$
$A[t/x] \supset \exists x A$

where in the last two axioms, $t$ is free for $x$ in $A$.

There are three inference rules:

(i) The rule modus ponens given by:

$$\frac{A \qquad (A \supset B)}{B}$$

(ii) The generalization rules given by:

$$\forall\text{: rule} \quad \frac{(B \supset A)}{(B \supset \forall x A)} \qquad\qquad \exists\text{: rule} \quad \frac{(A \supset B)}{(\exists x A \supset B)}$$

where $x$ does not occur free in $B$.

Let $\{A_1, \ldots, A_m\}$ be any set of formulae. The concept of a deduction tree of a formula $B$ from the set $\{A_1, \ldots, A_m\}$ in the system H is defined inductively as follows:

(i) Every one-node tree labeled with an axiom $B$ or a formula $B$ in $\{A_1, \ldots, A_m\}$ is a deduction tree of $B$ from $\{A_1, \ldots, A_m\}$.

(ii) If $T_1$ is a deduction tree of $A$ from $\{A_1, \ldots, A_m\}$ and $T_2$ is a deduction tree of $(A \supset B)$ from $\{A_1, \ldots, A_m\}$, then the following tree is a deduction tree of $B$ from $\{A_1, \ldots, A_m\}$:

$$\frac{\overset{T_1}{A} \qquad \overset{T_2}{(A \supset B)}}{B}$$

(iii) If $T_1$ is a deduction tree of $(B \supset A)$ from $\{A_1, \ldots, A_m\}$ (or a deduction tree of $(A \supset B)$ from $\{A_1, \ldots, A_m\}$), and $x$ does not occur free in any of the formulae in $\{A_1, \ldots, A_m\}$, then the following trees are deduction trees of $(B \supset \forall x A)$ from $\{A_1, \ldots, A_m\}$ (or $(\exists x A \supset B)$ from $\{A_1, \ldots, A_m\}$):

$$\frac{\overset{T_1}{(B \supset A)}}{(B \supset \forall x A)} \qquad\qquad \frac{\overset{T_1}{(A \supset B)}}{(\exists x A \supset B)}$$

A proof tree is a deduction tree whose leaves are labeled with axioms. Given a set $\{A_1, \ldots, A_m\}$ of formulae and a formula $B$, we use the notation $A_1, \ldots, A_m \vdash B$ to denote that there is a deduction tree of $B$ from $\{A_1, \ldots, A_m\}$. In particular, if the set $\{A_1, \ldots, A_m\}$ is empty, the tree is a proof tree and we write $\vdash B$.

Prove that the generalization rules are sound rules, in the sense that if the premise is valid, then the conclusion is valid. Prove that the system H is sound; that is, every provable formula is valid.


5.5.5. (i) Show that if $A_1, \ldots, A_m, A \vdash B$ is a deduction in H not using the generalization rules, then $A_1, \ldots, A_m \vdash (A \supset B)$.

(ii) Check that the following is a deduction of $C$ from $A \supset (B \supset C)$ and $A \wedge B$:

$$\frac{\dfrac{A \wedge B \qquad (A \wedge B) \supset B}{B} \qquad \dfrac{\dfrac{A \wedge B \qquad (A \wedge B) \supset A}{A} \qquad A \supset (B \supset C)}{B \supset C}}{C}$$

Conclude that $A \supset (B \supset C) \vdash (A \wedge B) \supset C$.

(iii) Check that the following is a deduction of $C$ from $(A \wedge B) \supset C$, $A$, and $B$:

$$\frac{\dfrac{B \qquad \dfrac{A \qquad A \supset (B \supset (A \wedge B))}{B \supset (A \wedge B)}}{A \wedge B} \qquad (A \wedge B) \supset C}{C}$$

Conclude that $(A \wedge B) \supset C \vdash A \supset (B \supset C)$.
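As an added example (not part of the book's problems or solutions), the following Python checker verifies deduction trees in the Hilbert system H of problem 5.5.4: it matches leaves against the propositional axiom schemata, checks modus ponens, and enforces the side condition of the two generalization rules, namely that $x$ is not free in $B$ and not free in any hypothesis, as clause (iii) of the definition of deduction trees requires. The two quantifier axiom schemata $\forall x A \supset A[t/x]$ and $A[t/x] \supset \exists x A$ are deliberately left out, since checking them needs substitution and the "free for" test; the tuple encoding of formulae and trees and all names used are assumptions of this example. The constructed inputs are the two deductions of problem 5.5.5 and two generalizations: $Q \supset \forall x (P(x) \supset P(x))$ from no hypotheses, which is accepted, and $Q \supset \forall x P(x)$ from the hypothesis $P(x)$, which is rejected because $x$ is free in the hypothesis.

```python
# Formulas: ('atom', name, args) with args a tuple of variable names, ('not', A),
# ('and'|'or'|'imp', A, B), ('forall'|'exists', x, A). Axiom schemata use
# metavariables ('meta', 'A'); the encoding and all names are choices of this example.

def imp(a, b): return ('imp', a, b)
def conj(a, b): return ('and', a, b)
def disj(a, b): return ('or', a, b)
def neg(a): return ('not', a)

A, B, C = ('meta', 'A'), ('meta', 'B'), ('meta', 'C')
SCHEMATA = [  # the propositional axiom schemata of H (problem 5.5.4)
    imp(A, imp(B, A)),
    imp(imp(A, B), imp(imp(A, imp(B, C)), imp(A, C))),
    imp(A, imp(B, conj(A, B))),
    imp(A, disj(A, B)), imp(B, disj(A, B)),
    imp(imp(A, B), imp(imp(A, neg(B)), neg(A))),
    imp(conj(A, B), A), imp(conj(A, B), B),
    imp(imp(A, C), imp(imp(B, C), imp(disj(A, B), C))),
    imp(neg(neg(A)), A),
]

def match(pat, F, env):
    """Match schema pat against formula F, instantiating metavariables consistently;
    returns the extended environment or None."""
    if pat[0] == 'meta':
        return ({**env, pat[1]: F} if pat[1] not in env else
                env if env[pat[1]] == F else None)
    if pat[0] != F[0] or len(pat) != len(F):
        return None
    for p, f in zip(pat[1:], F[1:]):
        env = match(p, f, env) if isinstance(p, tuple) else (env if p == f else None)
        if env is None:
            return None
    return env

def is_axiom(F):
    return any(match(s, F, {}) is not None for s in SCHEMATA)

def free_vars(F):
    k = F[0]
    if k == 'atom':
        return set(F[2])
    if k == 'not':
        return free_vars(F[1])
    if k in ('forall', 'exists'):
        return free_vars(F[2]) - {F[1]}
    return free_vars(F[1]) | free_vars(F[2])

def check(tree, hyps):
    """Deduction trees: ('leaf', F); ('mp', F, T1, T2) where T2 ends in (root of T1) ⊃ F;
    ('gen_forall', F, T1) and ('gen_exists', F, T1) for the generalization rules.
    Returns True iff tree is a deduction of its root from the set hyps."""
    kind, F = tree[0], tree[1]
    if kind == 'leaf':
        return F in hyps or is_axiom(F)
    if kind == 'mp':
        t1, t2 = tree[2], tree[3]
        return t2[1] == imp(t1[1], F) and check(t1, hyps) and check(t2, hyps)
    t1 = tree[2]
    if F[0] != 'imp':
        return False
    if kind == 'gen_forall':      # (B ⊃ A) / (B ⊃ ∀xA)
        Bf, q = F[1], F[2]
        ok = q[0] == 'forall' and t1[1] == imp(Bf, q[2])
    elif kind == 'gen_exists':    # (A ⊃ B) / (∃xA ⊃ B)
        q, Bf = F[1], F[2]
        ok = q[0] == 'exists' and t1[1] == imp(q[2], Bf)
    else:
        return False
    # side condition: x must not be free in B, nor in any hypothesis (the premise may
    # depend on the hypotheses, and generalizing one of their free variables is unsound)
    x = q[1]
    return (ok and x not in free_vars(Bf) and all(x not in free_vars(H) for H in hyps)
            and check(t1, hyps))

# Constructed inputs: the two deductions of problem 5.5.5, with A, B, C atomic.
a, b, c = ('atom', 'A', ()), ('atom', 'B', ()), ('atom', 'C', ())
HYPS_II = {imp(a, imp(b, c)), conj(a, b)}
T_A = ('mp', a, ('leaf', conj(a, b)), ('leaf', imp(conj(a, b), a)))
T_B = ('mp', b, ('leaf', conj(a, b)), ('leaf', imp(conj(a, b), b)))
TREE_II = ('mp', c, T_B, ('mp', imp(b, c), T_A, ('leaf', imp(a, imp(b, c)))))

HYPS_III = {imp(conj(a, b), c), a, b}
T_AB = ('mp', conj(a, b), ('leaf', b),
        ('mp', imp(b, conj(a, b)), ('leaf', a), ('leaf', imp(a, imp(b, conj(a, b))))))
TREE_III = ('mp', c, T_AB, ('leaf', imp(conj(a, b), c)))

# Generalization: Q ⊃ ∀x(P(x) ⊃ P(x)) from no hypotheses is fine (P(x) ⊃ P(x) is derived
# from axioms 1 and 2 by modus ponens); Q ⊃ ∀xP(x) from the hypothesis P(x) is not.
Px, Qa = ('atom', 'P', ('x',)), ('atom', 'Q', ())
PP = imp(Px, Px)
T_PP = ('mp', PP, ('leaf', imp(Px, imp(PP, Px))),
        ('mp', imp(imp(Px, imp(PP, Px)), PP), ('leaf', imp(Px, PP)),
         ('leaf', imp(imp(Px, PP), imp(imp(Px, imp(PP, Px)), PP)))))
TREE_GEN_OK = ('gen_forall', imp(Qa, ('forall', 'x', PP)),
               ('mp', imp(Qa, PP), T_PP, ('leaf', imp(PP, imp(Qa, PP)))))
TREE_GEN_BAD = ('gen_forall', imp(Qa, ('forall', 'x', Px)),
                ('mp', imp(Qa, Px), ('leaf', Px), ('leaf', imp(Px, imp(Qa, Px)))))
```

`check(TREE_II, HYPS_II)` and `check(TREE_III, HYPS_III)` are both true, `check(TREE_GEN_OK, set())` is true, and `check(TREE_GEN_BAD, {Px})` is false even though its premise $Q \supset P(x)$ is correctly deduced from $P(x)$: this is precisely the situation problem 5.5.4 (iii) excludes, and dropping the hypothesis test would make the checker accept the invalid $Q \supset \forall x P(x)$.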
* 5.5.6. In this problem, we are also considering the proof system H of problem 5.5.4. The deduction theorem states that, for arbitrary formulae $A_1, \ldots, A_m, A, B$,

if $A_1, \ldots, A_m, A \vdash B$, then $A_1, \ldots, A_m \vdash (A \supset B)$.

Prove the deduction theorem.

Hint: Use induction on deduction trees. In the case of the generalization rules, use problem 5.5.5.

5.5.7. Prove the following:

If $A_1, \ldots, A_m \vdash B_i$ for every $i$, $1 \leq i \leq p$, and $B_1, \ldots, B_p \vdash C$, then $A_1, \ldots, A_m \vdash C$.

Hint: Use the deduction theorem.

5.5.8. Prove that for any set $\Gamma$ of formulae, and any two formulae $B$ and $C$,

if $\Gamma \vdash C$ then $\Gamma, C \vdash B$ iff $\Gamma \vdash B$.

* 5.5.9. In this problem, we are still considering the proof system H of problem 5.5.4. Prove that the following meta rules hold about deductions in the system H:

For all formulae $A$, $B$, $C$ and finite sequence $\Gamma$ of formulae (possibly empty), we have:

$\supset$ introduction: If $\Gamma, A \vdash B$ then $\Gamma \vdash (A \supset B)$.
$\supset$ elimination: $A, (A \supset B) \vdash B$.

$\wedge$ introduction: $A, B \vdash (A \wedge B)$.
$\wedge$ elimination: $(A \wedge B) \vdash A$ and $(A \wedge B) \vdash B$.

$\vee$ introduction: $A \vdash (A \vee B)$.
$\vee$ elimination: If $\Gamma, A \vdash C$ and $\Gamma, B \vdash C$ then $\Gamma, (A \vee B) \vdash C$.

$\neg$ introduction (reductio ad absurdum): If $\Gamma, A \vdash B$ and $\Gamma, A \vdash \neg B$ then $\Gamma \vdash \neg A$.
$\neg$ elimination: $\neg \neg A \vdash A$ (double negation elimination), and $A, \neg A \vdash B$ (weak negation elimination).

$\forall$ introduction: If $\Gamma \vdash A$ then $\Gamma \vdash \forall x A$.
$\forall$ elimination: $\forall x A \vdash A[t/x]$.

$\exists$ introduction: $A[t/x] \vdash \exists x A$.
$\exists$ elimination: If $\Gamma, A \vdash C$ then $\Gamma, \exists x A \vdash C$.

where $t$ is free for $x$ in $A$, $x$ does not occur free in $\Gamma$, and $x$ does not occur free in $C$.

Hint: Use problem 5.5.7, problem 5.5.8, and the deduction theorem.

* 5.5.10. In this problem it is shown that the Hilbert system H is complete, by proving that for every Gentzen proof $T$ of a sequent $\to A$, where $A$ is any formula, there is a proof in the system H.

(i) Prove that for arbitrary formulae $A_1, \ldots, A_m, B_1, \ldots, B_n$,

(a) in H, for $n > 0$,
$A_1, \ldots, A_m, \neg B_1, \ldots, \neg B_n \vdash (P \wedge \neg P)$ if and only if $A_1, \ldots, A_m, \neg B_1, \ldots, \neg B_{n-1} \vdash B_n$, and

(b) in H, for $m > 0$,
$A_1, \ldots, A_m, \neg B_1, \ldots, \neg B_n \vdash (P \wedge \neg P)$ if and only if $A_2, \ldots, A_m, \neg B_1, \ldots, \neg B_n \vdash \neg A_1$.

(ii) Prove that for any sequent $A_1, \ldots, A_m \to B_1, \ldots, B_n$, if $\vdash A_1, \ldots, A_m \to B_1, \ldots, B_n$ in the Gentzen system G then $A_1, \ldots, A_m, \neg B_1, \ldots, \neg B_n \vdash (P \wedge \neg P)$ holds in the Hilbert system H. Conclude that H is complete.

Hint: Use problem 5.5.9.

5.5.11. Recall that the cut rule is the rule

$$\frac{\Gamma \to \Delta, A \qquad A, \Lambda \to \Theta}{\Gamma, \Lambda \to \Delta, \Theta}$$

$A$ is called the cut formula of this inference.

Let G + {cut} be the formal system obtained by adding the cut rule to G. The notion of a deduction tree is extended to allow the cut rule as an inference. A proof in G is called a cut-free proof.

(i) Prove that for every structure $\mathbf{A}$, if $\mathbf{A}$ satisfies the premises of the cut rule, then it satisfies its conclusion.

(ii) Prove that if a sequent is provable in the system G + {cut}, then it is valid.

(iii) Prove that if a sequent is provable in G + {cut}, then it has a cut-free proof.

5.5.12. (i) Prove solely in terms of proofs in G + {cut} that a set $\Gamma$ of formulae is inconsistent if and only if there is a formula $A$ such that both $\Gamma \to A$ and $\Gamma \to \neg A$ are provable in G + {cut}.

(ii) Prove solely in terms of proofs in G + {cut} that $\Gamma \to A$ is not provable in G + {cut} if and only if $\Gamma \cup \{\neg A\}$ is consistent.

Note: Properties (i) and (ii) also hold for the proof system G, but the author does not know of any proof not involving a proof-theoretic version of Gentzen's cut elimination theorem. The completeness theorem for G provides a semantic proof of the cut elimination theorem. However, in order to show (i) and (ii) without using semantic arguments, it appears that one has to mimic Gentzen's original proof. (See Szabo, 1969.)
5.5.13. A set $\Gamma$ of sentences is said to be complete if, for every sentence A,
either $\vdash \Gamma \rightarrow A$ or $\vdash \Gamma \rightarrow \lnot A$,
but not both. Prove that for any set $\Gamma$ of sentences, the following
are equivalent:


(i) The set $\{A \mid\ \vdash \Gamma \rightarrow A \text{ in } G\}$ is a maximal consistent set.

(ii) $\Gamma$ is complete.

(iii) Any two models of $\Gamma$ are elementarily equivalent.

(See problem 5.3.25 for the definition of elementary equivalence.)


5.5.14. Let $\Gamma$ be a consistent set (of L-formulae). Let $A_1, A_2, \ldots, A_n, \ldots$ be an
enumeration of all L-formulae. Define the sequence $\Gamma_n$ inductively as
follows:

$\Gamma_0 = \Gamma$;
$\Gamma_{n+1} = \Gamma_n \cup \{A_{n+1}\}$ if $\Gamma_n \cup \{A_{n+1}\}$ is consistent;
$\Gamma_{n+1} = \Gamma_n$ otherwise.


Let

$$\Delta = \bigcup_{n \geq 0} \Gamma_n.$$

Prove the following:
(a) Each $\Gamma_n$ is consistent.
(b) $\Delta$ is consistent.
(c) $\Delta$ is maximally consistent.


* 5.5.15. Prove that the results of problem 3.5.16 hold for first-order logic if
we change the word proposition to sentence.


* 5.5.16. Prove that the results of problem 3.5.17 hold for first-order logic if
we change the word proposition to sentence and work in $G + \{cut\}$.


* 5.5.17. In this problem and the next four, Henkin’s version of the completeness
theorem is worked out. The approach is to prove the model
existence theorem, and derive the completeness theorem as a consequence.
To prove that every consistent set S is satisfiable, first
problem 5.5.14 is used to extend S to a maximal consistent set. However,
such a maximal consistent set is not necessarily a Hintikka set,
because condition H4 may not be satisfied. To overcome this problem,
we use Henkin’s method, which consists of adding to S formulae of
the form $\exists x B \supset B[c/x]$, where c is a new constant called a witness of
$\exists x B$. However, we have to iterate this process to obtain the desired
property.
Technically, we proceed as follows. Let L be a first-order language
(without equality). Let $L^*$ be the extension of L obtained by adding
the set of new constants

$\{c_D \mid D \text{ is any sentence of the form } \exists x B\}$.

The constant $c_D$ is called a witness of D. Let S be any set of L-sentences,
and let

$S^* = S \cup \{\exists x B \supset B[c_D/x] \mid \exists x B \in FORM_L,\ c_D \text{ is a witness of the sentence } D = \exists x B\}$.

(Note that $\exists x B$ is any arbitrary existential sentence which need not
belong to S.)


(a) Prove that for every L-sentence A, if $S^* \rightarrow A$ is provable in
$G + \{cut\}$, then $S \rightarrow A$ is provable in $G + \{cut\}$.


Hint: Let $\Gamma$ be a finite subset of $S^*$ such that $\Gamma \rightarrow A$ is provable
(in $G + \{cut\}$). Assume that $\Gamma$ contains some sentence of the form
$\exists x B \supset B[c_D/x]$, where $D = \exists x B$. Let $\Delta = \Gamma - \{\exists x B \supset B[c_D/x]\}$.
Note that $c_D$ does not occur in $\Delta$, $\exists x B$, or A. Using the result
of problem 5.4.8, show that $\Delta, \exists x B \supset B[y/x] \rightarrow A$ is provable (in
$G + \{cut\}$), where y is a new variable not occurring in $\Gamma \rightarrow A$. Next,
show that $\rightarrow \exists x(\exists x B \supset B)$ is provable (in G). Then, show (using a
cut) that $\Delta \rightarrow A$ is provable (in $G + \{cut\}$). Conclude by induction
on the number of sentences of the form $\exists x B \supset B[c_D/x]$ in $\Gamma$.


(b) A set S of L-sentences is a theory iff it is closed under provability,
that is, iff

$S = \{A \mid\ \vdash S \rightarrow A \text{ in } G + \{cut\},\ FV(A) = \emptyset\}$.

A theory S is a Henkin theory iff for any sentence D of the form $\exists x B$
in $FORM_L$ (not necessarily in S), there is a constant c in L such
that $\exists x B \supset B[c/x]$ is also in S.


Let S be any set of L-sentences and let T be the theory
$T = \{A \mid\ \vdash S \rightarrow A \text{ in } G + \{cut\},\ FV(A) = \emptyset\}$.


Define the sequence of languages $L_n$ and the sequence of theories $T_n$
as follows:

$L_0 = L$;  $L_{n+1} = (L_n)^*$; and
$T_0 = T$;  $T_{n+1} = \{A \mid\ \vdash (T_n)^* \rightarrow A \text{ in } G + \{cut\},\ FV(A) = \emptyset\}$.

Let
$$L^\omega = \bigcup_{n \geq 0} L_n$$
and
$$T^\omega = \bigcup_{n \geq 0} T_n.$$


Prove that $T^\omega$ is a Henkin theory over the language $L^\omega$.


(c) Prove that for every L-sentence C,

if $\vdash T^\omega \rightarrow C$ in $G + \{cut\}$,
then $\vdash T \rightarrow C$ in $G + \{cut\}$.


We say that $T^\omega$ is conservative over T.
(d) Prove that $T^\omega$ is consistent iff T is.
* 5.5.18. Let T be a consistent set of L-sentences.


(a) Show that there exists a maximal consistent extension $T'$ over $L^\omega$
of T which is also a Henkin theory.


Hint: Let $S = \{A \mid\ \vdash T \rightarrow A,\ FV(A) = \emptyset\}$. Show that any
maximally consistent extension of $S^\omega$ is also a Henkin theory which is
maximally consistent.


(b) The definition of formulae of type a, b, c, d for unsigned formulae
and of their immediate descendants given in problem 3.5.7 is extended
to the first-order case.


Formulae of types a, b, c, d and their immediate descendants are
defined by the following tables:


Type-a formulae

    A                       $A_1$         $A_2$
    $(X \land Y)$           $X$           $Y$
    $\lnot(X \lor Y)$       $\lnot X$     $\lnot Y$
    $\lnot(X \supset Y)$    $X$           $\lnot Y$
    $\lnot\lnot X$          $X$           $X$


Type-b formulae

    B                       $B_1$         $B_2$
    $\lnot(X \land Y)$      $\lnot X$     $\lnot Y$
    $(X \lor Y)$            $X$           $Y$
    $(X \supset Y)$         $\lnot X$     $Y$


Type-c formulae

    C                       $C(t)$
    $\forall x Y$           $Y[t/x]$
    $\lnot\exists x Y$      $\lnot Y[t/x]$

where t is free for x in Y


Type-d formulae

    D                       $D(t)$
    $\exists x Y$           $Y[t/x]$
    $\lnot\forall x Y$      $\lnot Y[t/x]$

where t is free for x in Y


The definition of a Hintikka set is also adapted in the obvious way to
unsigned formulae. Also, in this problem and some of the following
problems, given any set S of formulae and any formulae $A_1, \ldots, A_n$,
the set $S \cup \{A_1, \ldots, A_n\}$ will also be denoted by $\{S, A_1, \ldots, A_n\}$.


Prove that a maximal consistent Henkin set $T'$ of sentences is a Hintikka
set with respect to the term algebra H consisting of all closed
terms built up from the function and constant symbols in $L^\omega$.


(c) Prove that every consistent set T of L-sentences is satisfiable.


(d) Prove that a formula A with free variables $\{x_1, \ldots, x_n\}$ is satisfiable
iff $A[c_1/x_1, \ldots, c_n/x_n]$ is satisfiable, where $c_1, \ldots, c_n$ are new constants.
Using this fact, prove that every consistent set T of L-formulae is
satisfiable.


* 5.5.19. Recall that from problem 5.5.12, in $G + \{cut\}$, $\Gamma \rightarrow A$ is not provable
if and only if $\Gamma \cup \{\lnot A\}$ is consistent. Use the above fact and problem
5.5.18 to give an alternate proof of the extended completeness theorem
for $G + \{cut\}$ ($\Gamma \models A$ iff $\vdash \Gamma \rightarrow A$ in $G + \{cut\}$).


** 5.5.20. Prove that the results of problem 5.5.17 hold for languages of any
cardinality. Using Zorn’s lemma, prove that the results of problem
5.5.18 hold for languages of any cardinality. Thus, prove that the
extended completeness theorem holds for languages of any cardinality.


* 5.5.21. For a language L of cardinality $\alpha$, show that the cardinality of the
term algebra arising in problem 5.5.18 is at most $\alpha$. Conclude that
any consistent set of L-sentences has a model of cardinality at most
$\alpha$.


* 5.5.22. Let L be a countable first-order language without equality. A property
P of sets of formulae is an analytic consistency property iff the
following hold:

(i) P is of finite character (see problem 3.5.12).


(ii) For every set S of formulae for which P is true, the following
conditions hold:


$A_0$: S contains no atomic formula and its negation.


$A_1$: For every formula A of type a in S, P holds for $\{S, A_1\}$ and
$\{S, A_2\}$.


$A_2$: For every formula B of type b in S, either P holds for $\{S, B_1\}$ or
P holds for $\{S, B_2\}$.


$A_3$: For every formula C of type c in S, P holds for $\{S, C(t)\}$ for
every term t.


$A_4$: For every formula D of type d in S, for some constant c not
occurring in S, P holds for $\{S, D(c)\}$.


Prove that if P is an analytic consistency property and P holds for
S, then S is satisfiable.


Hint: The search procedure can be adapted to work with sets of formulae
rather than sequents, by identifying each sequent $\Gamma \rightarrow \Delta$ with
the set of formulae $\Gamma \cup \{\lnot B \mid B \in \Delta\}$, and using the rules corresponding
to the definition of descendants given in problem 5.5.18. Using
the search procedure applied to the set S (that is, to the sequent
$S \rightarrow$), show that at any stage of the construction of a deduction tree,
there is a path such that P holds for the union of S and the union
of the formulae along that path. Also, the constant c plays the same
role as a new variable.


5.5.23. Let L be a countable first-order language without equality. A set
S of formulae is truth-functionally inconsistent iff S is the result of
substituting first-order formulae for the propositional letters in an
unsatisfiable set of propositions (see definition 5.3.11). We say that a
formula A is truth-functionally valid iff it is obtained by substitution
of first-order formulae into a tautology (see definition 5.3.11). We say
that a finite set $S = \{A_1, \ldots, A_m\}$ truth-functionally implies B iff the
formula $(A_1 \land \ldots \land A_m) \supset B$ is truth-functionally valid. A property P
of sets of formulae is a synthetic consistency property iff the following
conditions hold:


(i) P is of finite character (see problem 3.5.12).
(ii) For every set S of formulae, the following conditions hold:


$B_0$: If S is truth-functionally inconsistent, then P does not hold for
S;


$B_3$: If P holds for S then for every formula C of type c in S, P holds
for $\{S, C(t)\}$ for every term t.
$B_4$: For every formula D of type d in S, for some constant c not
occurring in S, P holds for $\{S, D(c)\}$.


$B_5$: For every formula X, if P holds for neither $\{S, X\}$ nor $\{S, \lnot X\}$,
then P does not hold for S. Equivalently, if P holds for S, then for
every formula X, either P holds for $\{S, X\}$ or P holds for $\{S, \lnot X\}$.


(a) Prove that if P is a synthetic consistency property then the following
condition holds:


$B_6$: If P holds for S and a finite subset of S truth-functionally implies
X, then P holds for $\{S, X\}$.


(b) Prove that every synthetic consistency property is an analytic
consistency property.


(c) Prove that consistency within the Hilbert system H of problem
5.5.4 is a synthetic consistency property.


* 5.5.24. A set S of formulae is Henkin-complete if for every formula $D = \exists x B$
of type d, there is some constant c such that B(c) is also in S.


Prove that if P is a synthetic consistency property and S is a set of
formulae that is both Henkin-complete and a maximal set for which
P holds, then S is satisfiable.


Hint: Show that S is a Hintikka set for the term algebra consisting
of all terms built up from function, constant symbols, and variables
occurring free in S.


* 5.5.25. Prove that if P is a synthetic consistency property, then every set S
of formulae for which P holds can be extended to a Henkin-complete
set which is a maximal set for which P holds.


Hint: Use the idea of problem 5.5.17.


Use the above property to prove the completeness of the Hilbert system
H.


* 5.5.26. Let L be a countable first-order language without equality. The
method of this problem, which is due to Henkin (reported in Smullyan,
1968, Chapter 10, page 96), yields one of the most elegant proofs of
the model existence theorem.


Using this method, a set that is both Henkin-complete and maximal
consistent is obtained from a single construction.


Let $A_1, \ldots, A_n, \ldots$ be an enumeration of all L-formulae. Let P be
a synthetic consistency property, and let S be a set of formulae for
which P holds. Construct the sequence $S_n$ as follows:


$S_0 = S$;
$S_{n+1} = S_n \cup \{A_{n+1}\}$ if P holds for $S_n \cup \{A_{n+1}\}$;
$S_{n+1} = S_n \cup \{\lnot A_{n+1}\}$ otherwise.


In addition, if $A_{n+1}$ is a formula $\exists x D$ of type d, then add D(c) to
$S_{n+1}$ for some new constant c not in $S_n$. (It may be necessary to add
countably many new constants to L.)


(a) Prove that $S' = \bigcup_{n \geq 0} S_n$ is Henkin-complete, and a maximal set
such that P holds for $S'$.


(b) Let P be an analytic consistency property. Given a set S of
formulae, let Des(S) be the set of immediate descendants of formulae
in S as defined in problem 5.5.18, and define $S^n$ by induction as
follows:


$S^0 = S$;
$S^{n+1} = Des(S^n)$.
Let
$$S^* = \bigcup_{n \geq 0} S^n.$$


$S^*$ is called the set of descendants of S. Use the construction of (a) to
prove that every set S of formulae for which P holds can be extended
to a Henkin-complete subset $S'$ of $S^*$ which is a maximal subset of
$S^*$ for which P holds.


Hint: Consider an enumeration of $S^*$ and extend S to a subset of $S^*$,
which is Henkin-complete and maximal with respect to P.


Why does such a set generally fail to be the set of formulae satisfied
by some structure?


(c) Prove that if M is a subset of $S^*$ which is Henkin-complete and is
a maximal subset of $S^*$ for which P holds, then M is a Hintikka set
with respect to the term algebra H consisting of all terms built up
from function symbols, constants, and variables occurring free in M.


(d) Use (c) to prove that every set S of formulae for which P holds
is satisfiable.


5.6 A Gentzen System for First-Order Languages With 
Equality 


Let L be a first-order language with equality. The purpose of this section is 
to generalize the results of Section 5.5 to first-order languages with equality. 
First, we need to generalize the concept of a Hintikka set and lemma 5.4.5 to 
deal with languages with equality. 




5.6.1 Hintikka Sets for Languages With Equality 


The only modification to the definition of a signed formula (definition 5.4.3)
is that we allow atomic formulae of the form $(s = t)$ as the formula A in TA
or FA.


Definition 5.6.1 A Hintikka set S with respect to a term algebra H (over the
reduct $L_S$ with equality) is a set of signed L-formulae such that the following
conditions hold for all signed formulae A, B, C, D of type a, b, c, d:


H0: No atomic formula and its conjugate are both in S (TA or FA is
atomic iff A is).


H1: If a type-a formula A is in S, then both $A_1$ and $A_2$ are in S.
H2: If a type-b formula B is in S, then either $B_1$ is in S or $B_2$ is in S.


H3: If a type-c formula C is in S, then for every $t \in H$, C(t) is in S (we
require that t is free for x in C for every $t \in H$).


H4: If a type-d formula D is in S, then for at least one term $t \in H$, D(t)
is in S (we require that t is free for x in D for every $t \in H$).


H5: Every variable x occurring free in some formula of S is in H.


H6(i): For every term $t \in H$,

$T(t = t) \in S$.


(ii): For every n-ary function symbol f in $L_S$ and any terms $s_1, \ldots, s_n,
t_1, \ldots, t_n \in H$,

$T(((s_1 = t_1) \land \ldots \land (s_n = t_n)) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n)) \in S$.


(iii): For every n-ary predicate symbol P in $L_S$ (including =) and any
terms $s_1, \ldots, s_n, t_1, \ldots, t_n \in H$,

$T(((s_1 = t_1) \land \ldots \land (s_n = t_n) \land P s_1 \ldots s_n) \supset P t_1 \ldots t_n) \in S$.


As in lemma 5.4.5, we can assume without loss of generality that the set 
of variables occurring free in formulae in S is disjoint from the set of variables 
occurring bound in formulae in S. 


The alert reader will have noticed that conditions H6(i) to H6(iii) do not 
state explicitly that = is an equivalence relation. However, these conditions 
will be used in the proof of lemma 5.6.1 to show that a certain relation on 
terms is a congruence as defined in Subsection 2.4.6. The generalization of 
lemma 5.4.5 is as follows. 
Lemma 5.6.1 Every Hintikka set S (over a language with equality) with
respect to a term algebra H is satisfiable in a structure $H_S$ whose domain $H_S$
is a quotient of H.


Proof: In order to define the $L_S$-structure $H_S$, we define the relation $\cong$
on the set of all terms in H as follows:


$s \cong t$ if and only if $T(s = t) \in S$.


First, we prove that $\cong$ is an equivalence relation.
(1) By condition H6(i), $\cong$ is reflexive.
(2) Assume that $T(s = t) \in S$. By H6(iii),


$T((s = t) \land (s = s) \land Pss \supset Pts) \in S$


for any binary predicate symbol P, and in particular when P is =. By H2,
either $T(t = s) \in S$ or $F((s = t) \land (s = s) \land (s = s)) \in S$. In the second
case, using H2 again either $F(s = t) \in S$, or $F(s = s) \in S$. In each case we
reach a contradiction by H0 and H6(i). Hence, we must have $T(t = s) \in S$,
establishing that $\cong$ is symmetric.


(3) To prove transitivity we proceed as follows. Assume that $T(r = s)$
and $T(s = t)$ are in S. By (2) above, $T(s = r) \in S$. By H6(iii), we have


$T((s = r) \land (s = t) \land (s = s) \supset (r = t)) \in S$.


(With P being identical to =.) A reasoning similar to that used in (2) shows
that $T(r = t) \in S$, establishing transitivity.


Hence, $\cong$ is an equivalence relation on H.


We now define the structure $H_S$ as follows. The domain $H_S$ of this
structure is the quotient of the set H modulo the equivalence relation $\cong$, that
is, the set of all equivalence classes of terms in H modulo $\cong$ (see Subsection
2.4.7). Given a term $t \in H$, we let $\bar t$ denote its equivalence class. The
interpretation function is defined as follows:


Every constant c in $L_S$ is interpreted as the equivalence class $\bar c$;
Every function symbol f of rank n in $L_S$ is interpreted as the function
such that, for any equivalence classes $\bar t_1, \ldots, \bar t_n$,


$$f_{H_S}(\bar t_1, \ldots, \bar t_n) = \overline{f t_1 \ldots t_n}.$$


For every predicate symbol P of rank n in $L_S$, for any equivalence classes
$\bar t_1, \ldots, \bar t_n$,


$$P_{H_S}(\bar t_1, \ldots, \bar t_n) = \begin{cases} \mathbf{T} & \text{if } TPt_1 \ldots t_n \in S, \\ \mathbf{F} & \text{if } FPt_1 \ldots t_n \in S, \\ & \text{or neither } TPt_1 \ldots t_n \text{ nor } FPt_1 \ldots t_n \text{ is in } S. \end{cases}$$
To define a quotient structure as in Subsection 2.4.7, we need to show
that the equivalence relation $\cong$ is a congruence (as defined in Subsection 2.4.6)
so that the functions $f_{H_S}$ and the predicates $P_{H_S}$ are well defined; that is,
that their definition is independent of the particular choice of representatives
$t_1, \ldots, t_n$ in the equivalence classes of terms (in H). This is shown using condition
H6(ii) for functions and condition H6(iii) for predicates. More specifically,
the following claim is proved:


Claim 1: For any terms $s_1, \ldots, s_n, t_1, \ldots, t_n \in H$, if $s_i \cong t_i$ for $i = 1, \ldots, n$,
then:


(i) For each n-ary function symbol f,


$f s_1 \ldots s_n \cong f t_1 \ldots t_n$.


(ii) For each n-ary predicate symbol P,


if $TPs_1 \ldots s_n \in S$ then $TPt_1 \ldots t_n \in S$, and
if $FPs_1 \ldots s_n \in S$ then $FPt_1 \ldots t_n \in S$.
Proof of claim 1:
To prove (i), assume that $T(s_i = t_i) \in S$, for all i, $1 \leq i \leq n$. Since by
H6(ii),
$T(((s_1 = t_1) \land \ldots \land (s_n = t_n)) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n)) \in S$,
by condition H2 of a Hintikka set, either


$T(f s_1 \ldots s_n = f t_1 \ldots t_n) \in S$,

or

$F((s_1 = t_1) \land \ldots \land (s_n = t_n)) \in S$.


But if $F((s_1 = t_1) \land \ldots \land (s_n = t_n)) \in S$, by H2, some $F(s_i = t_i) \in S$,
contradicting H0. Hence, $T(f s_1 \ldots s_n = f t_1 \ldots t_n)$ must be in S, which is just
the conclusion of (i) by the definition of the relation $\cong$.


Next, we prove (ii). If $TPs_1 \ldots s_n \in S$, since by H6(iii),
$T(((s_1 = t_1) \land \ldots \land (s_n = t_n) \land P s_1 \ldots s_n) \supset P t_1 \ldots t_n) \in S$,


by condition H2, either
$TPt_1 \ldots t_n \in S$,


or
$F((s_1 = t_1) \land \ldots \land (s_n = t_n) \land P s_1 \ldots s_n) \in S$.


By condition H2, either
$FPs_1 \ldots s_n \in S$,
or
$F((s_1 = t_1) \land \ldots \land (s_n = t_n)) \in S$.


In the first case, H0 is violated, and in the second case, since we have assumed
that $T(s_i = t_i) \in S$ for all i, $1 \leq i \leq n$, H0 is also violated as in the proof of
(i). Hence, $TPt_1 \ldots t_n$ must be in S.


If $FPs_1 \ldots s_n \in S$, since by H6(iii),
$T(((t_1 = s_1) \land \ldots \land (t_n = s_n) \land P t_1 \ldots t_n) \supset P s_1 \ldots s_n) \in S$,
either
$TPs_1 \ldots s_n \in S$,


or
$F((t_1 = s_1) \land \ldots \land (t_n = s_n) \land P t_1 \ldots t_n) \in S$.


In the first case, H0 is violated. In the second case, either
$FPt_1 \ldots t_n \in S$,
or
$F((t_1 = s_1) \land \ldots \land (t_n = s_n)) \in S$.


However, if
$F((t_1 = s_1) \land \ldots \land (t_n = s_n)) \in S$,


since we have assumed that $T(s_i = t_i) \in S$ for all i, $1 \leq i \leq n$, and we have
shown in (2) that whenever $T(s_i = t_i) \in S$, then $T(t_i = s_i)$ is also in S, H0 is
also contradicted. Hence, $FPt_1 \ldots t_n$ must be in S. This concludes the proof
of claim 1.


Claim 1(i) shows that $\cong$ is a congruence with respect to function symbols.
To show that $\cong$ is a congruence with respect to predicate symbols, we
show that:


If $s_i \cong t_i$ for all i, $1 \leq i \leq n$, then


$TPs_1 \ldots s_n \in S$ iff $TPt_1 \ldots t_n \in S$ and
$FPs_1 \ldots s_n \in S$ iff $FPt_1 \ldots t_n \in S$.


Proof: If $TPs_1 \ldots s_n \in S$, by claim 1(ii), $TPt_1 \ldots t_n \in S$. If $TPs_1 \ldots s_n \notin S$,
then either
$FPs_1 \ldots s_n \in S$,
or
$FPs_1 \ldots s_n \notin S$.


If $FPs_1 \ldots s_n \in S$, by claim 1(ii), $FPt_1 \ldots t_n \in S$, and by H0, $TPt_1 \ldots t_n \notin S$.
If $FPs_1 \ldots s_n \notin S$, then if $TPt_1 \ldots t_n$ was in S, then by claim 1(ii), $TPs_1 \ldots s_n$
would be in S, contrary to the assumption. The proof that $FPs_1 \ldots s_n \in S$ iff
$FPt_1 \ldots t_n \in S$ is similar. This concludes the proof.


Having shown that the definition of the structure $H_S$ is proper, let s be
any assignment such that $s(x) = \bar x$, for each variable $x \in H$. It remains to
show that $H_S$ and s satisfy S. For this, we need the following claim which is
proved using the induction principle for terms:


Claim 2: For every term t (in H),
$t_{H_S}[s] = \bar t$.


If t is a variable x, then $x_{H_S}[s] = s(x) = \bar x$, and the claim holds.
If t is a constant c, then
$c_{H_S}[s] = c_{H_S} = \bar c$


by the definition of the interpretation function.


If t is a term $f t_1 \ldots t_k$, then


$(f t_1 \ldots t_k)_{H_S}[s] = f_{H_S}((t_1)_{H_S}[s], \ldots, (t_k)_{H_S}[s])$.
By the induction hypothesis, for all i, $1 \leq i \leq k$,
$(t_i)_{H_S}[s] = \bar t_i$.


Hence,


$(f t_1 \ldots t_k)_{H_S}[s] = f_{H_S}((t_1)_{H_S}[s], \ldots, (t_k)_{H_S}[s]) = f_{H_S}(\bar t_1, \ldots, \bar t_k)$.


But by the definition of $f_{H_S}$,


$f_{H_S}(\bar t_1, \ldots, \bar t_k) = \overline{f t_1 \ldots t_k} = \bar t$.


This concludes the induction and the proof of claim 2.


Claim 2 is now used to show that for any atomic formula $TPt_1 \ldots t_n \in S$,
$Pt_1 \ldots t_n[s]$ is satisfied in $H_S$ (and that for any $FPt_1 \ldots t_n \in S$, $Pt_1 \ldots t_n[s]$ is
not satisfied in $H_S$). Indeed, if $TPt_1 \ldots t_n \in S$, by H5 and since H is a term
algebra, $t_1, \ldots, t_n \in H$. Then,


$(Pt_1 \ldots t_n)_{H_S}[s] = P_{H_S}((t_1)_{H_S}[s], \ldots, (t_n)_{H_S}[s]) =$ (by Claim 2) $P_{H_S}(\bar t_1, \ldots, \bar t_n) = \mathbf{T}$.


Hence,
$H_S \models (Pt_1 \ldots t_n)[s]$.

A similar proof applies when $FPt_1 \ldots t_n \in S$. Also, if $T(t_1 = t_2) \in S$, by
definition of $\cong$ we have $t_1 \cong t_2$, which is equivalent to $\bar t_1 = \bar t_2$, that is,
$(t_1)_{H_S}[s] = (t_2)_{H_S}[s]$. The rest of the argument proceeds using the induction
principle for formulae. The propositional connectives are handled as before.


Let us give the proof for a signed formula of type c. If a formula C of
type c is in S, then by H3, C(t) is in S for every term $t \in H$. By the induction
hypothesis, we have

$H_S \models C(t)[s]$.


By lemma 5.4.1, for any formula A, any term t free for x in A, any structure
M and any assignment v, we have


$(A[t/x])_M[v] = A_M[v[x := a]]$,


where $a = t_M[v]$.


Since $t_{H_S}[s] = \bar t$, we have


$(C[t/x])_{H_S}[s] = C_{H_S}[s[x := \bar t]]$.


Hence,
$H_S \models C(t)[s]$ iff $H_S \models C[s[x := \bar t]]$,


and since $\bar t \in H_S$, by lemma 5.4.4, this shows that

$H_S \models C[s]$.


As in lemma 5.4.5, $H_S$ is expanded to an L-structure in which S is satisfiable.
This concludes the proof that every signed formula in S is satisfied in $H_S$ by
the assignment s.
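The construction in the proof of lemma 5.6.1, as an added Python example that is not from the book: for a finite set S of signed ground atomic formulae it builds the domain $H_S$ with a union-find, closes $\cong$ under condition H6(ii) (the ground congruence-closure step that Claim 1(i) guarantees for a Hintikka set), reads $P_{H_S}$ off S, and reports any F-atom that the quotient would nevertheless satisfy, which is exactly the situation in which H0 fails and $P_{H_S}$ is not well defined. The term encoding, the class and function names, and the two sample sets are this example's own assumptions.

```python
# Added example (not from the book): the quotient structure H_S of Lemma 5.6.1
# for a finite set S of signed ground atoms. The relation s ~ t is generated by
# the atoms T(s = t) in S and then closed under H6(ii): s_i ~ t_i for all i
# implies f s1..sn ~ f t1..tn (ground congruence closure).
# Conventions assumed here:
#   term        : a constant name (str) or a tuple ('f', t1, ..., tn)
#   signed atom : ('T' or 'F', 'P', t1, ..., tn); the predicate name '='
#                 is equality, so ('T', '=', s, t) stands for T(s = t).
from itertools import combinations


def subterms(t):
    """All subterms of t; the term algebra H is the set of subterms of S."""
    yield t
    if isinstance(t, tuple):
        for arg in t[1:]:
            yield from subterms(arg)


class QuotientStructure:
    """H_S: the classes of H modulo ~, with P_{H_S} read off from S."""

    def __init__(self, signed_atoms):
        self.atoms = list(signed_atoms)
        self.H = sorted({u for a in self.atoms for t in a[2:] for u in subterms(t)},
                        key=repr)
        self._parent = {t: t for t in self.H}           # union-find over H
        for sign, pred, *args in self.atoms:           # s ~ t iff T(s = t) in S
            if sign == 'T' and pred == '=':
                self._union(args[0], args[1])
        self._close_under_h6ii()

    def _find(self, t):
        while self._parent[t] != t:
            self._parent[t] = self._parent[self._parent[t]]   # path compression
            t = self._parent[t]
        return t

    def _union(self, s, t):
        rs, rt = self._find(s), self._find(t)
        if rs == rt:
            return False
        self._parent[rs] = rt
        return True

    def _close_under_h6ii(self):
        """Claim 1(i): congruent arguments give congruent applications."""
        apps = [t for t in self.H if isinstance(t, tuple)]
        changed = True
        while changed:
            changed = False
            for s, t in combinations(apps, 2):
                if (s[0] == t[0] and len(s) == len(t)
                        and all(self.congruent(a, b) for a, b in zip(s[1:], t[1:]))
                        and self._union(s, t)):
                    changed = True

    def congruent(self, s, t):
        """s ~ t, i.e. s-bar = t-bar in the domain H_S (s and t must lie in H)."""
        return self._find(s) == self._find(t)

    def classes(self):
        """The domain H_S as a list of equivalence classes."""
        by_rep = {}
        for t in self.H:
            by_rep.setdefault(self._find(t), []).append(t)
        return sorted(by_rep.values(), key=repr)

    def holds(self, pred, *args):
        """P_{H_S}(t1-bar, ..., tn-bar): T iff some T P s1..sn in S has s_i ~ t_i.
        Equality is interpreted as identity of classes, as in the lemma."""
        if pred == '=':
            return self.congruent(args[0], args[1])
        return any(sign == 'T' and p == pred and len(a) == len(args)
                   and all(self.congruent(x, y) for x, y in zip(a, args))
                   for sign, p, *a in self.atoms)

    def conflicts(self):
        """F-atoms of S that H_S nevertheless satisfies. A non-empty result means
        P_{H_S} (or ~ itself) is not well defined on classes: H0 fails once S is
        closed under H6, so no quotient of H with = as true equality models S."""
        return [a for a in self.atoms if a[0] == 'F' and self.holds(a[1], *a[2:])]


def satisfiable(signed_atoms):
    """A ground literal set is satisfiable iff its quotient structure has no conflict."""
    return not QuotientStructure(signed_atoms).conflicts()


# Constructed sample inputs (not from the book). In CONSISTENT_S, a ~ b forces
# f(a) ~ f(b) by H6(ii), and g(f(a)) ~ d, so T P(f(b), d) makes P_{H_S} true on
# the classes of (f(a), g(f(a))) as well.
CONSISTENT_S = [
    ('T', '=', 'a', 'b'),
    ('T', '=', ('g', ('f', 'a')), 'd'),
    ('T', 'P', ('f', 'b'), 'd'),
]
# Adding F P(f(a), g(f(a))) contradicts that: H0 fails in every quotient of H.
INCONSISTENT_S = CONSISTENT_S + [('F', 'P', ('f', 'a'), ('g', ('f', 'a')))]

if __name__ == '__main__':
    q = QuotientStructure(CONSISTENT_S)
    print(q.classes())                                             # 3 classes
    print(satisfiable(CONSISTENT_S), satisfiable(INCONSISTENT_S))  # True False
```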


5.6.2 The Gentzen System $G_=$ (Languages With Equality)

Let $G_=$ be the Gentzen system obtained from the Gentzen system G (defined
in definition 5.4.1) by adding the following rules.


Definition 5.6.2 (Equality rules for $G_=$) Let $\Gamma$, $\Delta$, $\Lambda$ denote arbitrary
sequences of formulae (possibly empty) and let $t, s_1, \ldots, s_n, t_1, \ldots, t_n$ denote
arbitrary L-terms.


For each term t, we have the following rule:


$$\frac{\Gamma, t = t \rightarrow \Delta}{\Gamma \rightarrow \Delta} \quad \text{(reflexivity)}$$
For each n-ary function symbol f and any terms $s_1, \ldots, s_n, t_1, \ldots, t_n$, we
have the following rule:

$$\frac{\Gamma, ((s_1 = t_1) \land \ldots \land (s_n = t_n)) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n) \rightarrow \Delta}{\Gamma \rightarrow \Delta}$$


For each n-ary predicate symbol P (including =) and any terms $s_1, \ldots, s_n,
t_1, \ldots, t_n$, we have the following rule:

$$\frac{\Gamma, ((s_1 = t_1) \land \ldots \land (s_n = t_n) \land P s_1 \ldots s_n) \supset P t_1 \ldots t_n \rightarrow \Delta}{\Gamma \rightarrow \Delta}$$


Note that the reason these formulae are added after the rightmost formula
of the premise of a sequent is that in the proof of theorem 5.6.1, this
simplifies the reconstruction of a legal proof tree from a closed tree. In fact,
as in definition 5.4.8, we generalize the above rules to inferences of the form


$$\frac{\Gamma, A_1, \ldots, A_k \rightarrow \Delta}{\Gamma \rightarrow \Delta}$$


where $A_1, \ldots, A_k$ are any formulae of the form either


$t = t$,
$((s_1 = t_1) \land \ldots \land (s_n = t_n)) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n)$, or
$((s_1 = t_1) \land \ldots \land (s_n = t_n) \land P s_1 \ldots s_n) \supset P t_1 \ldots t_n$.


EXAMPLE 5.6.1


Let
$A = \forall x(x = f(y) \supset P(x)) \supset P(f(y))$,


where f is a unary function symbol, and P is a unary predicate symbol.


The following tree is a proof tree for A.


$T_1$    $P(f(y)), \forall x(x = f(y) \supset P(x)) \rightarrow P(f(y))$
----------------------------------------------------------------------
$f(y) = f(y) \supset P(f(y)), \forall x(x = f(y) \supset P(x)) \rightarrow P(f(y))$
----------------------------------------------------------------------
$\forall x(x = f(y) \supset P(x)) \rightarrow P(f(y))$
----------------------------------------------------------------------
$\rightarrow \forall x(x = f(y) \supset P(x)) \supset P(f(y))$


where $T_1$ is the tree


$\forall x(x = f(y) \supset P(x)), f(y) = f(y) \rightarrow f(y) = f(y), P(f(y))$
----------------------------------------------------------------------
$\forall x(x = f(y) \supset P(x)) \rightarrow f(y) = f(y), P(f(y))$




EXAMPLE 5.6.2


Let
$A = P(f(y)) \supset \forall x(x = f(y) \supset P(x))$.


The following tree is a proof tree for A.

$T_1$    $P(z), P(f(y)), z = f(y) \rightarrow P(z)$
----------------------------------------------------------------------
$P(f(y)), z = f(y), (f(y) = z \land P(f(y))) \supset P(z) \rightarrow P(z)$
----------------------------------------------------------------------
$P(f(y)), z = f(y) \rightarrow P(z)$
----------------------------------------------------------------------
$P(f(y)) \rightarrow z = f(y) \supset P(z)$
----------------------------------------------------------------------
$P(f(y)) \rightarrow \forall x(x = f(y) \supset P(x))$
----------------------------------------------------------------------
$\rightarrow P(f(y)) \supset \forall x(x = f(y) \supset P(x))$


where $T_1$ is the tree

$T_2$    $P(f(y)), z = f(y) \rightarrow P(f(y)), P(z)$
----------------------------------------------------------------------
$P(f(y)), z = f(y) \rightarrow f(y) = z \land P(f(y)), P(z)$


$T_2$ is the tree


$T_3$    $f(y) = z, P(f(y)), z = f(y) \rightarrow f(y) = z, P(z)$
----------------------------------------------------------------------
$P(f(y)), z = f(y), ((z = f(y)) \land (z = z) \land (z = z)) \supset f(y) = z \rightarrow f(y) = z, P(z)$
----------------------------------------------------------------------
$P(f(y)), z = f(y) \rightarrow f(y) = z, P(z)$


and $T_3$ is the tree


         $S_0$    $S_0$
         -------------------------------------------------------------
         $P(f(y)), z = f(y), z = z \rightarrow z = z \land z = z, f(y) = z, P(z)$
$S_1$    -------------------------------------------------------------
         $P(f(y)), z = f(y) \rightarrow z = z \land z = z, f(y) = z, P(z)$
----------------------------------------------------------------------
$P(f(y)), z = f(y) \rightarrow z = f(y) \land z = z \land z = z, f(y) = z, P(z)$


and the sequent $S_0$ is


$P(f(y)), z = f(y), z = z \rightarrow z = z, f(y) = z, P(z)$.




5.6.3 Soundness of the System $G_=$

First, the following lemma is easily shown.

Lemma 5.6.2 For any of the equality rules given in definition 5.6.2 (including
their generalization), the premise is falsifiable if and only if the conclusion
is falsifiable.


Proof: Straightforward, and left as an exercise.


Lemma 5.6.3 (Soundness of the System $G_=$) If a sequent is $G_=$-provable
then it is valid.


Proof: Use the induction principle for $G_=$-proofs and lemma 5.6.2.


5.6.4 Search Procedure for Languages With Equality


To prove the completeness of the system $G_=$ we modify the procedure expand
in the following way. Given a sequent $\Gamma_0 \rightarrow \Delta_0$, let $L'$ be the reduct of
L consisting of all constant, function, and predicate symbols occurring in
formulae in $\Gamma_0 \rightarrow \Delta_0$. (It is also assumed that the set of variables occurring
free in $\Gamma_0 \rightarrow \Delta_0$ is disjoint from the set of variables occurring bound in
$\Gamma_0 \rightarrow \Delta_0$, which is possible by lemma 5.3.4.)


Let $EQ1_0$ be an enumeration of all $L'$-formulae of the form
$t = t$,
$EQ2_0$ an enumeration of all $L'$-formulae of the form
$((s_1 = t_1) \land \ldots \land (s_n = t_n)) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n)$, and
$EQ3_0$ an enumeration of all $L'$-formulae of the form
$((s_1 = t_1) \land \ldots \land (s_n = t_n) \land P s_1 \ldots s_n) \supset P t_1 \ldots t_n$,


where the terms $t, s_1, \ldots, s_n, t_1, \ldots, t_n$ are built from the constant and function
symbols in $L'$, and the set of variables free in formulae in $\Gamma_0 \rightarrow \Delta_0$. Note
that these terms belong to the set $TERM_0$ defined in Subsection 5.5.1.


For $i \geq 1$, we define the sets $EQ1_i$, $EQ2_i$, and $EQ3_i$ as above, except
that the terms $t, s_1, \ldots, s_n, t_1, \ldots, t_n$ belong to the lists $AVAIL_i$ (at the start).
During a round, at the end of every expansion step, we shall add each formula
that is the head of the list $EQ_{j,i}$, where $j = (RC \bmod 3) + 1$ (RC is a round
counter initialized to 0 and incremented at the end of every round) for all
$i = 0, \ldots, NUMACT$, to the antecedent of every leaf sequent. At the end of
the round, each such formula is deleted from the head of the list $EQ_{j,i}$. In
this way, the set S of signed formulae along any (finite or infinite) nonclosed
path in the tree will be a Hintikka set.

We also add to the procedure search, statements to initialize the lists
$EQ1_i$, $EQ2_i$ and $EQ3_i$ as explained above.


Note that if the sets FS, PS and CS are effective (recursive), recursive
functions enumerating the lists $EQ1_i$, $EQ2_i$ and $EQ3_i$ can be written (these
lists are in fact recursive).


In the new version of the search procedure for sequents containing the
equality symbol, a leaf of the tree is finished iff it is an axiom. Hence, the
search procedure always builds an infinite tree if the input sequent is not valid.
This is necessary to guarantee that conditions H6(i) to (iii) are satisfied.


Definition 5.6.3 Procedure search for a language with equality.


Procedure Expand for a Language with Equality


procedure expand(node : tree-address; var T : tree);
begin
  let A_1, ..., A_m → B_1, ..., B_n be the label of node;
  let S be the one-node tree labeled with
    A_1, ..., A_m → B_1, ..., B_n;
  for i := 1 to m do
    if nonatomic(A_i) then
      grow-left(A_i, S)
    endif
  endfor;
  for i := 1 to n do
    if nonatomic(B_i) then
      grow-right(B_i, S)
    endif
  endfor;
  for each leaf u of S do
    let Γ → Δ be the label of u;
    Γ' := Γ, head(L);
    Δ' := Δ, head(R);
    for i := 0 to NUMACT_0 do
      Γ' := Γ', head(EQ_{j,i})
    endfor;
    create a new node u1 labeled with Γ' → Δ'
  endfor;
  T := dosubstitution(T, node, S)
end
Procedure Search for a Language with Equality


procedure search(Γ_0 → Δ_0 : sequent; var T : tree);
begin
  L := tail(Γ_0); Γ := head(Γ_0);
  R := tail(Δ_0); Δ := head(Δ_0);
  let T be the one-node tree labeled with Γ → Δ;
  let TERM, EQ1_i, EQ2_i, EQ3_i and AVAIL_i, 0 ≤ i,
    be initialized as explained above;
  NUMACT := 0; RC := 0;
  while not all leaves of T are finished do
    TERM_0 := TERM; T_0 := T; NUMACT_0 := NUMACT;
    j := (RC mod 3) + 1;
    for each leaf node of T_0
      (in lexicographic order of tree addresses) do
      if not finished(node) then
        expand(node, T)
      endif
    endfor;
    TERM_0 := TERM; L := tail(L); R := tail(R);
    for i := 0 to NUMACT_0 do
      EQ_{j,i} := tail(EQ_{j,i})
    endfor;
    RC := RC + 1;
    for i := 0 to NUMACT do
      TERM := append(TERM, <head(AVAIL_i), nil>);
      AVAIL_i := tail(AVAIL_i)
    endfor
  endwhile;
  if all leaves are closed
  then
    write ('T is a proof of Γ_0 → Δ_0')
  else
    write ('Γ_0 → Δ_0 is falsifiable')
  endif
end


5.6.5 Completeness of the System $G_=$


Using lemma 5.6.1, it is easy to generalize theorem 5.5.1 as follows.


Theorem 5.6.1 For every sequent $\Gamma_0 \rightarrow \Delta_0$ containing the equality symbol
and in which no free variable occurs bound the following holds:


(i) If the input sequent $\Gamma_0 \rightarrow \Delta_0$ is valid, then the procedure search
halts with a closed tree T, from which a proof tree for a finite subsequent
$C_1, \ldots, C_m \rightarrow D_1, \ldots, D_n$ of $\Gamma_0 \rightarrow \Delta_0$ can be constructed.


(ii) If the input sequent $\Gamma_0 \rightarrow \Delta_0$ is falsifiable, then search builds an
infinite counter-example tree T and $\Gamma_0 \rightarrow \Delta_0$ can be falsified in a finite or a
countably infinite structure which is a quotient of $t(TERM)$.


Proof: It is similar to that of theorem 5.5.1 but uses lemma 5.6.1 instead
of lemma 5.4.5 in order to deal with equality. What is needed is the following
claim:


Claim: If S is the set of signed formulae along any nonclosed path in
the tree T generated by search, the set $H_S = t(TERM_S)$ is a term algebra
(over the reduct $L'$) and S is a Hintikka set for $H_S$.


The proof of the claim is essentially the same as the proof given for theorem
5.5.1. The only difference is that it is necessary to check that conditions
H6(i) to (iii) hold, but this follows immediately since all formulae in the lists
$EQ_{j,0}$ and $EQ_{j,i}$ for all activated variables $y_i$ ($i > 0$) are eventually entered
in each infinite path of the tree.


Corollary (A version of Gödel’s extended completeness theorem for $G_=$)
Let L be a first-order language with equality. A sequent in which no variable
occurs both free and bound (even infinite) is valid iff it is $G_=$-provable.


Again, as observed in Section 5.5 in the paragraph immediately after
the proof of theorem 5.5.1, although constructive and theoretically complete,
the search procedure is horribly inefficient. But in the case of a language
with equality, things are even worse. Indeed, the management of the equality
axioms (the lists $EQ_{j,i}$) adds significantly to the complexity of the bookkeeping.
In addition, it is no longer true that the search procedure always halts
for quantifier-free sequents, as it does for languages without equality. This is
because the equality rules allow the introduction of new formulae.


It can be shown that there is an algorithm for deciding the validity 
of quantifier-free formulae with equality by adapting the congruence closure 
method of Kozen, 1976, 1977. For a proof, see Chapter 10. 


The difficulty is that the search procedure no longer preserves the property known as the subformula property. For languages without equality, the Gentzen rules are such that given any input sequent $\Gamma \to \Delta$, the formulae occurring in any deduction tree with root $\Gamma \to \Delta$ contain only subformulae of the formulae in $\Gamma \to \Delta$. These formulae are in fact "descendants" of the formulae in $\Gamma \to \Delta$, which are essentially "signed subformulae" of the formulae in $\Gamma \to \Delta$ (for a precise definition, see problem 5.5.18). We also say that such proofs are analytic. But the equality rules can introduce "brand new" formulae that may be totally unrelated to the formulae in $\Gamma \to \Delta$. Of course, one could object that this problem arises because the rules of $G_=$ were badly designed, and that this problem may not arise for a better system. However, it is not easy to find a complete proof system for first-order logic with equality that incorporates a weaker version of the subformula property. It will be shown in the next chapter that there is a Gentzen system $LK_=$ such that for every sequent $\Gamma \to \Delta$ provable in $G_=$, there is a proof in $LK_=$ in which the formulae occurring in the proof are not too unrelated to the formulae in $\Gamma \to \Delta$. This is a consequence of the cut elimination theorem without essential cuts for $LK_=$. Nevertheless, theorem proving for languages with equality tends to be harder than theorem proving for languages without equality. We shall come back to this point later, in particular when we discuss the resolution method.


Returning to the completeness theorem, the following classical results 
apply to first-order languages with equality and are immediate consequences 
of theorem 5.6.1. 


5.6.6 Löwenheim-Skolem, Compactness, and Model Existence Theorems for Languages With Equality


For a language with equality, the structure given by the Löwenheim-Skolem theorem may be finite.


Theorem 5.6.2 (Löwenheim-Skolem) Let $L$ be a first-order language with equality. If a set of formulae $\Gamma$ over $L$ is satisfiable in some structure $M$, then it is satisfiable in a structure whose domain is at most countably infinite.


Proof: From theorem 5.6.1, $\Gamma$ is satisfiable in a quotient structure of $H_S$. Since $H_S$ is countable, a quotient of $H_S$ is countable, but possibly finite.


Theorem 5.6.3 (Compactness theorem) Let $L$ be a first-order language with equality. For any (possibly countably infinite) set $\Gamma$ of formulae over $L$, if every nonempty finite subset of $\Gamma$ is satisfiable then $\Gamma$ is satisfiable.


Theorem 5.6.4 (Model existence theorem) Let L be a first-order language 
with equality. If a set of formulae over L is consistent, then it is satisfiable. 


Note that if $\Gamma$ is consistent, then by theorem 5.6.4 the sequent $\Gamma \to$ is falsifiable. Hence the search procedure run on input $\Gamma \to$ will actually yield a structure $H_S$ (with domain a quotient of $\mathcal{T}(TERM_0)$) for each Hintikka set $S$ arising along each nonclosed path in the tree $T$, in which $S$ and $\Gamma$ are satisfiable.


We also have the following lemma. 


Lemma 5.6.4 (Consistency lemma) Let $L$ be a first-order language with equality. If a set $\Gamma$ of formulae is satisfiable then it is consistent.


5.6.7 Maximal Consistent Sets


As in Subsection 5.5.5, a consistent set $\Gamma$ of first-order formulae (possibly involving equality) is maximally consistent (or a maximal consistent set) iff, for every consistent set $\Delta$, if $\Gamma \subseteq \Delta$, then $\Gamma = \Delta$. Lemma 5.5.2 can be easily generalized to first-order languages with equality.


Lemma 5.6.5 Given a first-order language (with or without equality), every consistent set $\Gamma$ is a subset of some maximal consistent set $\Delta$.


Proof: Almost identical to that of lemma 3.5.5, but using structures 
instead of valuations. 


5.6.8 Application of the Compactness and Löwenheim-Skolem Theorems: Nonstandard Models of Arithmetic


The compactness and the Löwenheim-Skolem theorems are important tools in
model theory. Indeed, they can be used for showing the existence of countable 
models for certain interesting theories. As an illustration, we show that the 
theory of example 5.3.2 known as Peano’s arithmetic has a countable model 
nonisomorphic to N, the set of natural numbers. Such a model is called a 
nonstandard model. 


EXAMPLE 5.6.3

Let $L$ be the language of arithmetic defined in example 5.3.1. The following set $A_P$ of formulae is known as the axioms of Peano's arithmetic:

$$\forall x \neg(S(x) = 0)$$
$$\forall x \forall y (S(x) = S(y) \supset x = y)$$
$$\forall x (x + 0 = x)$$
$$\forall x \forall y (x + S(y) = S(x + y))$$
$$\forall x (x * 0 = 0)$$
$$\forall x \forall y (x * S(y) = x * y + x)$$

For every formula $A$ with one free variable $x$,

$$(A(0) \wedge \forall x (A(x) \supset A(S(x)))) \supset \forall y A(y)$$

Let $L'$ be the expansion of $L$ obtained by adding the new constant $c$. Let $\Gamma$ be the union of $A_P$ and the following set $J$ of formulae:

$$J = \{\neg(0 = c), \neg(1 = c), \ldots, \neg(n = c), \ldots\},$$

where $n$ is an abbreviation for the term $S(S(\ldots(0)))$, with $n$ occurrences of $S$.


Observe that $\mathbb{N}$ can be made into a model of any finite subset of $\Gamma$. Indeed, $\mathbb{N}$ is a model of $A_P$, and to satisfy any finite subset $X$ of $J$, it is sufficient to interpret $c$ as any integer strictly larger than the maximum of the finite set $\{n \mid \neg(n = c) \in X\}$. Since every finite subset of $\Gamma$ is satisfiable, by the compactness theorem, $\Gamma$ is satisfiable in some model. By the Löwenheim-Skolem theorem, $\Gamma$ has a countable model, say $M_0$. Let $M$ be the reduct of $M_0$ to the language $L$. The model $M$ still contains the element $a$, which is the interpretation of $c \in L'$, but since $c$ does not belong to $L$, the interpretation function of the structure $M$ does not have $c$ in its domain.


It remains to show that $M$ and $\mathbb{N}$ are not isomorphic. An isomorphism $h$ from $M$ to $\mathbb{N}$ is a bijection $h : M \to \mathbb{N}$ such that:

$$h(0_M) = 0 \text{ and, for all } x, y \in M,$$
$$h(S_M(x)) = S(h(x)),$$
$$h(x +_M y) = h(x) + h(y) \text{ and}$$
$$h(x *_M y) = h(x) * h(y).$$


Assume that there is an isomorphism $h$ between $M$ and $\mathbb{N}$. Let $k \in \mathbb{N}$ be the natural number $h(a)$ (with $a = c_{M_0}$ in $M_0$). Then, for all $n \in \mathbb{N}$,


Indeed, since the formula $\neg(n = c)$ is valid in $M_0$,

$$n_M \neq a \text{ in } M,$$

and since $h$ is injective, $n_M \neq a$ implies $h(n_M) \neq h(a)$, that is, $n \neq k$. But then, we would have $k \neq k$, a contradiction.


It is not difficult to see that in the model $M$, $m_M \neq n_M$ whenever $m \neq n$. Hence, the natural numbers are represented in $M$, and satisfy Peano's axioms. However, there may be other elements in $M$. In particular, the interpretation $a$ of $c \in L'$ belongs to $M$. Intuitively speaking, $a$ is an infinite element of $M$.


A model of $A_P$ nonisomorphic to $\mathbb{N}$ such as $M$ is called a nonstandard model of Peano's arithmetic.


For a detailed exposition of model theory including applications of the compactness theorem, Löwenheim-Skolem theorem, and other results, the reader is referred to Chang and Keisler, 1973; Monk, 1976; or Bell and Slomson, 1969. The introductory chapter on model theory by J. Keisler in Barwise, 1977, is also highly recommended.
PROBLEMS


5.6.1. Give proof trees for the following formulae:

$$\forall x (x = x)$$
$$\forall x_1 \ldots \forall x_n \forall y_1 \ldots \forall y_n ((x_1 = y_1 \wedge \ldots \wedge x_n = y_n) \supset (f(x_1, \ldots, x_n) = f(y_1, \ldots, y_n)))$$
$$\forall x_1 \ldots \forall x_n \forall y_1 \ldots \forall y_n (((x_1 = y_1 \wedge \ldots \wedge x_n = y_n) \wedge P(x_1, \ldots, x_n)) \supset P(y_1, \ldots, y_n))$$

The above formulae are called the closed equality axioms.


5.6.2. Let $S = \Gamma \to \Delta$ be a sequent, and let $S_e$ be the set of closed equality axioms for all predicate and function symbols occurring in $S$. Prove that the sequent $\Gamma \to \Delta$ is provable in $G_=$ iff the sequent $S_e, \Gamma \to \Delta$ is provable in $G + \{cut\}$.


5.6.3. Prove that the following formula is provable:

$$f(f(f(a))) = a \supset (f(f(a)) = a \supset f(a) = a)$$


5.6.4. Let $*$ be a binary function symbol and $1$ be a constant. Prove that the following sequent is valid:

$$\forall x (*(x, 1) = x),\ \forall x (*(1, x) = x),\ \forall x \forall y \forall z (*(x, *(y, z)) = *(*(x, y), z)),\ \forall x (*(x, x) = 1) \to \forall x \forall y (*(x, y) = *(y, x))$$


5.6.5. Give proof trees for the following formulae:

$$\forall x \exists y (x = y)$$
$$A[t/x] \equiv \forall x ((x = t) \supset A), \text{ if } x \notin Var(t) \text{ and } t \text{ is free for } x \text{ in } A.$$
$$A[t/x] \equiv \exists x ((x = t) \wedge A), \text{ if } x \notin Var(t) \text{ and } t \text{ is free for } x \text{ in } A.$$


5.6.6. (a) Prove that the following formulae are valid:

$$x = x$$
$$x = y \supset (x = z \supset y = z)$$
$$x = y \supset (P(x_1, \ldots, x_{i-1}, x, x_{i+1}, \ldots, x_n) \supset P(x_1, \ldots, x_{i-1}, y, x_{i+1}, \ldots, x_n))$$
$$x = y \supset (f(x_1, \ldots, x_{i-1}, x, x_{i+1}, \ldots, x_n) = f(x_1, \ldots, x_{i-1}, y, x_{i+1}, \ldots, x_n))$$

Consider the extension $H_=$ of the Hilbert system $H$ defined in problem 5.5.4 obtained by adding the above formulae known as the open equality axioms.

(b) Prove that

$$\forall x \forall y (x = y \supset y = x)$$

and

$$\forall x \forall y \forall z (x = y \wedge y = z \supset x = z)$$

are provable in $H_=$.

(c) Given a set $S$ of formulae (over a language with equality), let $S_e$ be the set of universal closures (defined in problem 5.3.10) of equality axioms for all function and predicate symbols occurring in $S$. Prove that

$$S \vdash A \text{ in } H_= \quad \text{iff} \quad S, S_e \vdash A \text{ in } H.$$

(d) Prove the completeness of the Hilbert system $H_=$.

Hint: Use the result of problem 5.5.10 and, given a model for $S \cup S_e$, construct a model of $S$ in which the predicate symbol $=$ is interpreted as equality, using the quotient construction.


* 5.6.7. In languages with equality, it is possible to eliminate function and constant symbols as shown in this problem.


Let $L$ be a language (with or without equality). A relational version of $L$ is a language $L'$ with equality satisfying the following properties:

(1) $L'$ has no function or constant symbols;

(2) There is an injection $T : FS \cup CS \to PS'$ called a translation such that $r(T(f)) = r(f) + 1$;

(3) $PS' = PS \cup T(FS \cup CS)$, and $T(FS \cup CS)$ and $PS$ are disjoint.

We define the $T$-translate $A^T$ of an $L$-formula $A$ as follows:

(1) If $A$ is of the form $(s = x)$, where $s$ is a term and $x$ is a variable, then

(i) If $s$ is a variable $y$, then $(y = x)^T = (y = x)$;

(ii) If $s$ is a constant $c$, then $(c = x)^T = T(c)(x)$, where $T(c)$ is the unary predicate symbol associated with $c$;

(iii) If $s$ is a term of the form $f s_1 \ldots s_n$, then

$$(s = x)^T = \exists y_1 \ldots \exists y_n [(s_1 = y_1)^T \wedge \ldots \wedge (s_n = y_n)^T \wedge T(f)(y_1, \ldots, y_n, x)],$$

where $y_1, \ldots, y_n$ are new variables, and $T(f)$ is the $(n+1)$-ary predicate symbol associated with $f$;

(2) If $A$ is of the form $(s = t)$, where $t$ is not a variable, then

$$(s = t)^T = \exists y ((s = y)^T \wedge (t = y)^T),$$

where $y$ is a new variable.

(3) If $A$ is of the form $P s_1 \ldots s_n$, then

(i) If every $s_1, \ldots, s_n$ is a variable, then $(P s_1 \ldots s_n)^T = P s_1 \ldots s_n$;

(ii) If some $s_i$ is not a variable, then

$$(P s_1 \ldots s_n)^T = \exists y_1 \ldots \exists y_n [P y_1 \ldots y_n \wedge (s_1 = y_1)^T \wedge \ldots \wedge (s_n = y_n)^T],$$

where $y_1, \ldots, y_n$ are new variables.

(4) If $A$ is not atomic, then

$$(\neg B)^T = \neg B^T,\quad (B \vee C)^T = B^T \vee C^T,\quad (B \wedge C)^T = B^T \wedge C^T,$$
$$(B \supset C)^T = (B^T \supset C^T),\quad (\forall x B)^T = \forall x B^T,\quad (\exists x B)^T = \exists x B^T.$$

For every function or constant symbol $f$ in $L$, the existence condition for $f$ is the following sentence in $L'$:

$$\forall x_1 \ldots \forall x_n \exists y\, T(f)(x_1, \ldots, x_n, y).$$

The uniqueness condition for $f$ is the following sentence in $L'$:

$$\forall x_1 \ldots \forall x_n \forall y \forall z (T(f)(x_1, \ldots, x_n, y) \wedge T(f)(x_1, \ldots, x_n, z) \supset y = z).$$

The set of translation conditions is the set of all existence and uniqueness conditions for all function and constant symbols in $L$.

Given an $L$-structure $\mathbf{A}$, the relational version $\mathbf{A}'$ of $\mathbf{A}$ has the same domain as $\mathbf{A}$, the same interpretation for the symbols in $PS$, and interprets each symbol $T(f)$ of rank $n+1$ as the relation

$$\{(x_1, \ldots, x_n, y) \in A^{n+1} \mid f_{\mathbf{A}}(x_1, \ldots, x_n) = y\}.$$

Prove the following properties:

(a) For every formula $A$ of $L$, if $A$ does not contain function or constant symbols, then $A^T = A$.

(b) Let $\mathbf{A}$ be an $L$-structure, and $\mathbf{A}'$ its relational version. Prove that $\mathbf{A}'$ is a model of the translation conditions. Prove that for every $L$-formula $A$, for every assignment $s$,

$$\mathbf{A} \models A[s] \quad \text{iff} \quad \mathbf{A}' \models A^T[s].$$

(c) For every $L'$-formula $A$, let $A^*$ be the formula obtained by replacing every atomic formula $T(f)(x_1, \ldots, x_n, y)$ by $(f(x_1, \ldots, x_n) = y)$. Prove that

$$\mathbf{A} \models A^*[s] \quad \text{iff} \quad \mathbf{A}' \models A[s].$$

(d) Prove that if $\mathbf{B}$ is an $L'$-structure which is a model of the translation conditions, then $\mathbf{B} = \mathbf{A}'$ for some $L$-structure $\mathbf{A}$.

(e) Let $\Gamma$ be a set of $L$-formulae, and $A$ any $L$-formula. Prove that

$$\Gamma \models A \quad \text{iff} \quad \{B^T \mid B \in \Gamma\} \cup \{B \mid B \text{ is a translation condition}\} \models A^T.$$
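The translation $A^T$ of this problem is mechanical enough to implement, and doing so makes part (b) checkable on a small structure. The following Python code is an added example (it is not part of the book): it encodes terms and formulae as nested tuples, carries out cases (1) to (4) with fresh variables, builds the relational version $\mathbf{A}'$ of a constructed finite structure $\mathbf{A}$, and checks that $\mathbf{A} \models A[s]$ iff $\mathbf{A}' \models A^T[s]$ by evaluating both sides under every assignment. The tuple encoding, the `T_` prefix standing for the translation $T$, and the sample structure (domain $\{0, 1, 2\}$ with successor modulo 3, a constant `zero`, and a unary predicate `P`) are this example's own assumptions.

```python
"""Relational translation A^T of problem 5.6.7 (added example, not the book's code).
Terms: ('var', x) or ('app', f, [terms]); a constant c is ('app', c, []).
Formulae: ('eq', s, t), ('pred', P, [terms]), ('not', A), ('and', A, B),
('or', A, B), ('imp', A, B), ('all', x, A), ('ex', x, A).
The encoding, the 'T_' naming of T(f) and the sample structure are assumptions."""
from functools import reduce
from itertools import count, product

def T(f):
    """The translation T: f maps to a predicate symbol of rank r(f)+1, outside PS."""
    return 'T_' + f

def newvar(nxt):
    """One of the 'new variables' y1, y2, ... required by the translation."""
    return '_y%d' % next(nxt)

def exists(ys, body):
    return reduce(lambda b, y: ('ex', y, b), reversed(ys), body)

def conj(parts):
    return reduce(lambda a, b: ('and', a, b), parts)

def eq_var_T(s, x, nxt):
    """Case (1): (s = x)^T for a variable x."""
    if s[0] == 'var':                                  # (i)  (y = x)^T = (y = x)
        return ('eq', s, ('var', x))
    f, args = s[1], s[2]
    if not args:                                       # (ii) (c = x)^T = T(c)(x)
        return ('pred', T(f), [('var', x)])
    ys = [newvar(nxt) for _ in args]                   # (iii) exists y1..yn [(s1 = y1)^T and ... and T(f)(y1..yn, x)]
    parts = [eq_var_T(si, yi, nxt) for si, yi in zip(args, ys)]
    parts.append(('pred', T(f), [('var', y) for y in ys] + [('var', x)]))
    return exists(ys, conj(parts))

def translate(A, nxt=None):
    """The T-translate A^T, following cases (1)-(4) of the problem."""
    nxt = count(1) if nxt is None else nxt
    k = A[0]
    if k == 'eq':
        s, t = A[1], A[2]
        if t[0] == 'var':
            return eq_var_T(s, t[1], nxt)
        y = newvar(nxt)                                # (2) exists y ((s = y)^T and (t = y)^T)
        return ('ex', y, ('and', eq_var_T(s, y, nxt), eq_var_T(t, y, nxt)))
    if k == 'pred':
        P, args = A[1], A[2]
        if all(a[0] == 'var' for a in args):           # (3)(i) already relational
            return A
        ys = [newvar(nxt) for _ in args]               # (3)(ii) exists y1..yn [P y1..yn and (s1 = y1)^T and ...]
        parts = [('pred', P, [('var', y) for y in ys])]
        parts += [eq_var_T(si, yi, nxt) for si, yi in zip(args, ys)]
        return exists(ys, conj(parts))
    if k == 'not':                                     # (4) connectives and quantifiers
        return ('not', translate(A[1], nxt))
    if k in ('and', 'or', 'imp'):
        return (k, translate(A[1], nxt), translate(A[2], nxt))
    return (k, A[1], translate(A[2], nxt))

def has_function_symbols(A):
    """True iff an 'app' node (function or constant symbol) occurs in A."""
    if isinstance(A, list):
        return any(has_function_symbols(a) for a in A)
    return isinstance(A, tuple) and (A[0] == 'app' or any(has_function_symbols(c) for c in A[1:]))

def value(t, funcs, env):
    """Value of a term; funcs maps f to (arity, python function), env is the assignment."""
    if t[0] == 'var':
        return env[t[1]]
    return funcs[t[1]][1](*[value(a, funcs, env) for a in t[2]])

def holds(A, dom, funcs, preds, env):
    """Whether the structure (dom, funcs, preds) satisfies A under assignment env."""
    k = A[0]
    if k == 'eq':
        return value(A[1], funcs, env) == value(A[2], funcs, env)
    if k == 'pred':
        return tuple(value(a, funcs, env) for a in A[2]) in preds[A[1]]
    if k == 'not':
        return not holds(A[1], dom, funcs, preds, env)
    if k in ('and', 'or', 'imp'):
        l, r = (holds(A[i], dom, funcs, preds, env) for i in (1, 2))
        return {'and': l and r, 'or': l or r, 'imp': (not l) or r}[k]
    vals = [holds(A[2], dom, funcs, preds, {**env, A[1]: d}) for d in dom]
    return all(vals) if k == 'all' else any(vals)

def relational_version(dom, funcs, preds):
    """A': same domain and predicates; each T(f) is the graph {(x1..xn, y) | f(x1..xn) = y}."""
    rel = dict(preds)
    for f, (n, fn) in funcs.items():
        rel[T(f)] = {xs + (fn(*xs),) for xs in product(dom, repeat=n)}
    return rel

def property_b_holds(A, dom, funcs, preds, free):
    """Part (b): A satisfies A[s] iff A' satisfies A^T[s], for every assignment s of 'free'."""
    rel, AT = relational_version(dom, funcs, preds), translate(A)
    return all(holds(A, dom, funcs, preds, dict(zip(free, vals))) ==
               holds(AT, dom, {}, rel, dict(zip(free, vals)))
               for vals in product(dom, repeat=len(free)))

# Constructed sample structure: domain Z/3, s = successor mod 3, constant zero, P = "is 0".
DOM = [0, 1, 2]
FUNCS = {'s': (1, lambda x: (x + 1) % 3), 'zero': (0, lambda: 0)}
PREDS = {'P': {(0,)}}
ZERO, X = ('app', 'zero', []), ('var', 'x')
S = lambda t: ('app', 's', [t])
SAMPLE = ('eq', S(X), ZERO)                                          # s(x) = zero: true iff x = 2
SAMPLE2 = ('imp', ('pred', 'P', [ZERO]), ('all', 'x', ('eq', S(S(S(X))), X)))  # P(zero) implies forall x s(s(s(x))) = x
```

`translate(SAMPLE)` yields $\exists y_1(\exists y_2((x = y_2) \wedge T(s)(y_2, y_1)) \wedge T(zero)(y_1))$, which contains no function or constant symbol, and `property_b_holds` confirms that it agrees with $s(x) = zero$ on every assignment of $x$ in the sample structure.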


5.6.8. Let $L$ be a first-order language with equality. A theory is a set $\Gamma$ of $L$-sentences such that for every $L$-sentence $A$, if $\Gamma \models A$, then $A \in \Gamma$. If $L'$ is an expansion of $L$ and $\Gamma'$ is a theory over $L'$, we say that $\Gamma'$ is conservative over $\Gamma$ iff

$$\{A \mid A \text{ is an } L\text{-sentence in } \Gamma'\} = \Gamma.$$

Let $\Gamma$ be a theory over $L$, $L'$ an expansion of $L$, and $\Gamma'$ a theory over $L'$.

(i) If $P$ is an $n$-ary predicate symbol in $L'$ but not in $L$, a possible definition of $P$ over $\Gamma$ is an $L$-formula $A$ whose set of free variables is a subset of $\{x_1, \ldots, x_n\}$.

(ii) If $f$ is an $n$-ary function symbol or a constant in $L'$ but not in $L$, a possible definition of $f$ over $\Gamma$ is an $L$-formula $A$ whose set of free variables is a subset of $\{x_1, \ldots, x_n, y\}$, such that the following existence and uniqueness conditions are in $\Gamma$:

$$\forall x_1 \ldots \forall x_n \exists y A,$$
$$\forall x_1 \ldots \forall x_n \forall y \forall z (A(x_1, \ldots, x_n, y) \wedge A(x_1, \ldots, x_n, z) \supset y = z).$$

(iii) We say that $\Gamma'$ over $L'$ is a definitional extension of $\Gamma$ over $L$ iff for every constant, function, or predicate symbol $X$ in $L'$ but not in $L$, there is a possible definition $A_X$ over $\Gamma$ such that the condition stated below holds.

For every possible definition $A_X$, the sentence $A'_X$ is defined as follows:

For an $n$-ary predicate symbol $P$, let $A'_P$ be the sentence

$$\forall x_1 \ldots \forall x_n (P x_1 \ldots x_n \equiv A_P);$$

For an $n$-ary function symbol or a constant $f$, let $A'_f$ be the sentence

$$\forall x_1 \ldots \forall x_n \forall y ((f x_1 \ldots x_n = y) \equiv A_f).$$

Then we require that

$$\Gamma' = \{B \mid B \text{ is an } L'\text{-formula such that } \Gamma \cup \{A'_X \mid X \text{ is a symbol in } L' \text{ not in } L\} \models B\}.$$

(a) Prove that if $\Gamma'$ is a definitional extension of $\Gamma$, then for every $L'$-formula $A$, there is an $L$-formula $A^0$ with the same free variables as $A$, such that

$$\Gamma' \models (A \equiv A^0).$$

Hint: Use the technique of problem 5.6.7.

(b) Prove that $\Gamma'$ is conservative over $\Gamma$.


5.6.9. Let $\Gamma$ be a theory over a language $L$. A set of axioms $\mathcal{A}$ for $\Gamma$ is any set of $L$-sentences such that

$$\Gamma = \{B \mid \mathcal{A} \models B\}.$$

Given an $L$-formula $A$ with set of free variables $\{x_1, \ldots, x_n, y\}$, assume that

$$\Gamma \models \forall x_1 \ldots \forall x_n \exists y A(x_1, \ldots, x_n, y).$$

Let $L'$ be the expansion of $L$ obtained by adding the new $n$-ary function symbol $f$, and let $\Gamma'$ be the theory with set of axioms

$$\Gamma \cup \{\forall x_1 \ldots \forall x_n A(x_1, \ldots, x_n, f(x_1, \ldots, x_n))\}.$$

Prove that $\Gamma'$ is conservative over $\Gamma$.


5.6.10. Let $L$ be a first-order language with equality. From problem 5.6.1, the closed equality axioms are provable in $G_=$. Recall the concept of a Henkin theory from problem 5.5.17.

(a) Prove that a maximally consistent (with respect to $G_=$) Henkin theory $\Gamma$ of sentences is a Hintikka set with respect to the term algebra $H$ consisting of all closed terms built up from the function and constant symbols in $L''$.

(b) Prove that every consistent set $\Gamma$ of $L$-sentences is satisfiable.

(c) Prove that a formula $A$ with free variables $\{x_1, \ldots, x_n\}$ is satisfiable iff $A[c_1/x_1, \ldots, c_n/x_n]$ is satisfiable, where $c_1, \ldots, c_n$ are new constants. Using this fact, prove that every consistent set $\Gamma$ of $L$-formulae is satisfiable.


5.6.11. Prove that in $G_= + \{cut\}$,

$$\Gamma \to A \text{ is not provable in } G_= + \{cut\} \quad \text{iff} \quad \Gamma \cup \{\neg A\} \text{ is consistent.}$$

Use the above fact and problem 5.6.10 to give an alternate proof of the extended completeness theorem for $G_= + \{cut\}$.


5.6.12. Prove that the results of problem 5.6.10 hold for languages with equality of any cardinality. Using Zorn's lemma, prove that the results of problem 5.6.10 hold for languages of any cardinality. Thus, prove that the extended completeness theorem holds for languages with equality of any cardinality.


5.6.13. For a language $L$ with equality of cardinality $\alpha$, show that the cardinality of the term algebra arising in problem 5.6.10 is at most $\alpha$. Conclude that any consistent set of $L$-sentences has a model of cardinality at most $\alpha$.


5.6.14. Let $L$ be a countable first-order language with equality. A property $P$ of sets of formulae is an analytic consistency property if the following hold:

(i) $P$ is of finite character (see problem 3.5.12).

(ii) For every set $S$ of formulae for which $P$ is true, the following conditions hold:

$A_0$: $S$ contains no atomic formula and its negation.

$A_1$: For every formula $A$ of type $a$ in $S$, $P$ holds for $\{S, A_1\}$ and $\{S, A_2\}$.

$A_2$: For every formula $B$ of type $b$ in $S$, $P$ holds either for $\{S, B_1\}$ or for $\{S, B_2\}$.

$A_3$: For every formula $C$ of type $c$ in $S$, $P$ holds for $\{S, C(t)\}$ for every term $t$.

$A_4$: For every formula $D$ of type $d$ in $S$, for some constant $c$ not in $S$, $P$ holds for $\{S, D(c)\}$.

$A_5$ (i): For every term $t$, if $P$ holds for $S$ then $P$ holds for $\{S, (t = t)\}$.

(ii): For each $n$-ary function symbol $f$, for any terms $s_1, \ldots, s_n, t_1, \ldots, t_n$, if $P$ holds for $S$ then $P$ holds for


(iii): For each $n$-ary predicate symbol $Q$ (including $=$), for any terms $s_1, \ldots, s_n, t_1, \ldots, t_n$, if $P$ holds for $S$ then $P$ holds for

$$\{S, (s_1 = t_1) \wedge \ldots \wedge (s_n = t_n) \wedge Q s_1 \ldots s_n \supset Q t_1 \ldots t_n\}.$$

Prove that if $P$ is an analytic consistency property and $P$ holds for $S$, then $S$ is satisfiable.

Hint: See problem 5.5.22.


5.6.15. Let $L$ be a countable first-order language with equality. A set $S$ of formulae is truth-functionally inconsistent iff $S$ is the result of substituting first-order formulae for the propositional letters in an unsatisfiable set of propositions (see definition 5.3.11). We say that a formula $A$ is truth-functionally valid iff it is obtained by substitution of first-order formulae into a tautology (see definition 5.3.11). We say that a finite set $S = \{A_1, \ldots, A_m\}$ truth-functionally implies $B$ iff the formula


is truth-functionally valid. A property $P$ of sets of formulae is a synthetic consistency property iff the following conditions hold:

(i) $P$ is of finite character (see problem 3.5.12).

(ii) For every set $S$ of formulae, the following conditions hold:

$B_0$: If $S$ is truth-functionally inconsistent, then $P$ does not hold for $S$;

$B_1$: If $P$ holds for $S$ then for every formula $C$ of type $c$ in $S$, $P$ holds for $\{S, C(t)\}$ for every term $t$.

$B_2$: For every formula $D$ of type $d$ in $S$, for some constant $c$ not in $S$, $P$ holds for $\{S, D(c)\}$.

$B_3$: For every formula $X$, if $P$ holds for neither $\{S, X\}$ nor $\{S, \neg X\}$, then $P$ does not hold for $S$. Equivalently, if $P$ holds for $S$, then for every formula $X$, either $P$ holds for $\{S, X\}$ or $P$ holds for $\{S, \neg X\}$.

$B_4$ (i): For every term $t$, if $P$ holds for $S$ then $P$ holds for $\{S, (t = t)\}$.

(ii): For each $n$-ary function symbol $f$, for any terms $s_1, \ldots, s_n, t_1, \ldots, t_n$, if $P$ holds for $S$ then $P$ holds for

$$\{S, (s_1 = t_1) \wedge \ldots \wedge (s_n = t_n) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n)\}.$$

(iii): For each $n$-ary predicate symbol $Q$ (including $=$), for any terms $s_1, \ldots, s_n, t_1, \ldots, t_n$, if $P$ holds for $S$ then $P$ holds for

$$\{S, (s_1 = t_1) \wedge \ldots \wedge (s_n = t_n) \wedge Q s_1 \ldots s_n \supset Q t_1 \ldots t_n\}.$$

(a) Prove that if $P$ is a synthetic consistency property then the following condition holds:

$B_5$: If $P$ holds for $S$ and a finite subset of $S$ truth-functionally implies $X$, then $P$ holds for $\{S, X\}$.

(b) Prove that every synthetic consistency property is an analytic consistency property.

(c) Prove that consistency within the Hilbert system $H_=$ of problem 5.6.6 is a synthetic consistency property.


5.6.16. A set $S$ of formulae is Henkin-complete iff for every formula $D = \exists x B$ of type $d$, there is some constant $c$ such that $B(c)$ is also in $S$.

Prove that if $P$ is a synthetic consistency property and $S$ is a set of formulae that is both Henkin-complete and a maximal set for which $P$ holds, then $S$ is satisfiable.

Hint: Show that $S$ is a Hintikka set for the term algebra consisting of all terms built up from function symbols, constant symbols, and variables occurring free in $S$.


5.6.17. Prove that if $P$ is a synthetic consistency property, then every set $S$ of formulae for which $P$ holds can be extended to a Henkin-complete set which is a maximal set for which $P$ holds.

Hint: Use the idea of problem 5.5.17.

Use the above property to prove the completeness of the Hilbert system $H_=$.


5.6.18. Let $L$ be a countable first-order language with equality. Prove that the results of problem 5.5.26 are still valid.


5.6.19. Given a first-order language $L$ with equality, for any $L$-structure $M$, for any finite or countably infinite sequence $X$ of elements in $M$ (the domain of the structure $M$), the language $L_X$ is the expansion of $L$ obtained by adding new distinct constants ($\{c_1, \ldots, c_n\}$ if $X = \langle a_1, \ldots, a_n \rangle$, $\{c_1, \ldots, c_n, c_{n+1}, \ldots\}$ if $X$ is countably infinite) to the set of constants in $L$. The structure $(M, X)$ is the expansion of $M$ obtained by interpreting each $c_i$ as $a_i$.

An $L$-structure $M$ is countably saturated if, for every finite sequence $X = \langle a_1, \ldots, a_n \rangle$ of elements in $M$, for every set $\Gamma(x)$ of formulae with at most one free variable $x$ over the expanded language $L_X$, if every finite subset of $\Gamma(x)$ is satisfiable in $(M, X)$ then $\Gamma(x)$ is satisfiable in $(M, X)$.

(1) Prove that every finite structure $M$ is countably saturated.

Hint: Show that if the conclusion does not hold, a finite unsatisfiable subset of $\Gamma(x)$ can be found.

(2) Two $L$-structures $A$ and $B$ are elementary equivalent if, for any $L$-sentence $D$,

$$A \models D \quad \text{if and only if} \quad B \models D.$$

(a) Assume that $A$ and $B$ are elementary equivalent. Show that for every formula $E(x)$ with at most one free variable $x$, $E(x)$ is satisfiable in $A$ if and only if $E(x)$ is satisfiable in $B$.

(b) Let $X = \langle a_1, \ldots, a_n \rangle$ and $Y = \langle b_1, \ldots, b_n \rangle$ be two finite sequences of elements in $A$ and $B$ respectively. Assume that $(A, X)$ and $(B, Y)$ are elementary equivalent and that $A$ is countably saturated.

Show that for any set $\Gamma(x)$ of formulae with at most one free variable $x$ over the expansion $L_Y$ such that every finite subset of $\Gamma(x)$ is satisfiable in $(B, Y)$, $\Gamma(x)$ is satisfiable in $(A, X)$. (Note that the languages $L_X$ and $L_Y$ are identical. Hence, we will refer to this language as $L_X$.)

(c) Assume that $A$ and $B$ are elementary equivalent, with $A$ countably saturated. Let $Y = \langle b_1, \ldots, b_n, \ldots \rangle$ be a countable sequence of elements in $B$.

Prove that there exists a countable sequence $X = \langle a_1, \ldots, a_n, \ldots \rangle$ of elements from $A$, such that $(A, X)$ and $(B, Y)$ are elementary equivalent.

Hint: Proceed in the following way: Define the sequence $X_n = \langle a_1, \ldots, a_n \rangle$ by induction so that $(A, X_n)$ and $(B, Y_n)$ are elementary equivalent (with $Y_n = \langle b_1, \ldots, b_n \rangle$) as follows: Let $\Gamma(x)$ be the set of formulae over $L_{X_n}$ satisfied by $b_{n+1}$ in $(B, Y_n)$.

Show that $\Gamma(x)$ is maximally consistent. Using 2(b), show that $\Gamma(x)$ is satisfied by some $a_{n+1}$ in $(A, X_n)$ and that it is the set of formulae satisfied by $a_{n+1}$ in $(A, X_n)$ (recall that $\Gamma(x)$ is maximally consistent). Use these properties to show that $(A, X_{n+1})$ and $(B, Y_{n+1})$ are elementary equivalent.

(d) If $(A, X)$ and $(B, Y)$ are elementary equivalent as above, show that

$$a_i = a_j \quad \text{if and only if} \quad b_i = b_j \quad \text{for all } i, j \geq 1.$$

(e) Use (d) to prove that if $A$ and $B$ are elementary equivalent and $A$ is finite, then $B$ is isomorphic to $A$.


5.6.20. Write a computer program implementing the search procedure in the 
case of a first-order language with equality. 


Notes and Suggestions for Further Reading 


First-order logic is a rich subject that has been studied extensively. We 
have presented the basic model-theoretic and proof-theoretic concepts, us- 
ing Gentzen systems because of their algorithmic nature and their concep- 
tual simplicity. This treatment is inspired from Kleene, 1967. For more on 
Gentzen systems, the reader should consult Robinson, 1979; Takeuti, 1975; 
Szabo, 1969; or Smullyan, 1968. 


We have focused our attention on a constructive proof of the complete- 
ness theorem, using Gentzen systems and Hintikka sets. For more details on 
Hintikka sets and related concepts such as consistency properties, the reader 
is referred to Smullyan, 1968. 


There are other proof systems for first-order logic. Most texts adopt 
Hilbert systems. Just to mention a few texts of varying degree of difficulty, 
Hilbert systems are discussed in Kleene, 1952; Kleene, 1967; Enderton, 1972; 
Shoenfield, 1967; and Monk, 1976. A more elementary presentation of first- 
order logic tailored for computer scientists is found in Manna and Waldinger, 
1985. Natural deduction systems are discussed in Kleene, 1967; Van Dalen, 
1980; Prawitz, 1965; and Szabo, 1969. A variant of Gentzen systems called 
the tableaux system is discussed at length in Smullyan, 1968. Type Theory 
(higher-order logic "à la Church"), including the Gödel incompleteness theorems, is discussed in Andrews 1986.


An illuminating comparison of various approaches to the completeness 
theorem, including Henkin’s method, can be found in Smullyan, 1968. 


Since we have chosen to emphasize results and techniques dealing with 
the foundations of (automatic) theorem proving, model theory is only touched 
upon lightly. However, this is a very important branch of logic. The reader 
is referred to Chang and Keisler, 1973; Bell and Slomson, 1974; and Monk, 
1976, for thorough and advanced expositions of model theory. The article 
on fundamentals of model theory by Keisler, and the article by Eklof about 
ultraproducts, both in Barwise, 1977, are also recommended. Barwise 1977 
also contains many other interesting articles on other branches of logic. 


We have not discussed the important incompleteness theorems of Gödel. The reader is referred to Kleene, 1952; Kleene, 1967; Enderton, 1972; Shoenfield, 1967; or Monk, 1976. One should also consult the survey article by Smorynski in Barwise, 1977.


Chapter 6 


Gentzen’s Cut Elimination 
Theorem And Applications 


6.1 Introduction 


The rules of the Gentzen system $G$ (given in definition 5.4.1) were chosen mainly to facilitate the design of the search procedure. The Gentzen system $LK'$ given in Section 3.6 can be extended to a system for first-order logic called $LK$, which is more convenient for constructing proofs in working downward, and is also useful for proof-theoretical investigations. In particular, the system $LK$ will be used to prove three classical results, Craig's theorem, Beth's theorem and Robinson's theorem, and will be used in Chapter 7 to derive a constructive version of Herbrand's theorem.


The main result about $LK$ is Gentzen's cut elimination theorem. An entirely proof-theoretic argument (involving only algorithmic proof transformation steps) of the cut elimination can be given, but it is technically rather involved. Rather than giving such a proof (which can be found in Szabo, 1969, or Kleene, 1952), we will adopt the following compromise: We give a rather simple semantic proof of Gentzen's cut elimination theorem (using the completeness theorem) for $LK$, and we give a constructive proof of the cut elimination for a Gentzen system $G1^{nnf}$ simpler than $LK$ (by constructive, we mean that an algorithm for converting a proof into a cut-free proof is actually given). The sequents of the system $G1^{nnf}$ are pairs of sets of formulae in negation normal form. This system is inspired from Schwichtenberg (see Barwise, 1977). The cut elimination theorem for the system $G1^{nnf}_=$ which includes axioms for equality is also given.

Three applications of the cut elimination theorem will also be given:

Craig's interpolation theorem,
Beth's definability theorem and
Robinson's joint consistency theorem.


These are classical results of first-order logic, and the proofs based on 
cut elimination are constructive and elegant. Beth’s definability theorem also 
illustrates the subtle interaction between syntax and semantics. 


A new important theme emerges in this chapter, and will be further elaborated in Chapter 7. This is the notion of normal form for proofs. Gentzen's cut elimination theorem (for $LK$ or $LK_=$) shows that for every provable sequent $\Gamma \to \Delta$, there is a proof in normal form, in the sense that in the system $LK$, the proof does not have any cuts, and for the system $LK_=$, it has only atomic cuts. In the next chapter, it will be shown that this normal form can be improved if the formulae in the sequent are of a certain type (prenex form or negation normal form). This normal form guaranteed by Gentzen's Sharpened Hauptsatz is of fundamental importance, since it reduces provability in first-order logic to provability in propositional logic.


Related to the concept of normal form is the concept of proof transfor- 
mation. Indeed, a constructive way of obtaining proofs in normal form is to 
perform a sequence of proof transformations. 


The concepts of normal form for proofs and of proof transformation are 
essential. In fact, it turns out that the completeness results obtained in the 
remaining chapters will be obtained via proof transformations. 


First, we consider the case of a first-order language without equality. In 
this Chapter, it is assumed that no variable occurs both free and bound in 
any sequent (or formula). 


6.2 Gentzen System LK for Languages Without Equality


The system $LK$ is obtained from $LK'$ by adding rules for quantified formulae.


6.2.1 Syntax of LK 


The inference rules and axioms of LK are defined as follows. 


Definition 6.2.1 Gentzen system $LK$. The system $LK$ consists of structural rules, the cut rule, and of logical rules. The letters $\Gamma$, $\Delta$, $\Lambda$, $\Theta$ stand for arbitrary (possibly empty) sequences of formulae and $A$, $B$ for arbitrary formulae.

(1) Structural rules:

(i) Weakening:

$$\frac{\Gamma \to \Delta}{A, \Gamma \to \Delta}\ (\text{left}) \qquad \frac{\Gamma \to \Delta}{\Gamma \to \Delta, A}\ (\text{right})$$

$A$ is called the weakening formula.

(ii) Contraction:

$$\frac{A, A, \Gamma \to \Delta}{A, \Gamma \to \Delta}\ (\text{left}) \qquad \frac{\Gamma \to \Delta, A, A}{\Gamma \to \Delta, A}\ (\text{right})$$

(iii) Exchange:

$$\frac{\Gamma, A, B, \Lambda \to \Delta}{\Gamma, B, A, \Lambda \to \Delta}\ (\text{left}) \qquad \frac{\Gamma \to \Delta, A, B, \Lambda}{\Gamma \to \Delta, B, A, \Lambda}\ (\text{right})$$

(2) Cut rule:

$$\frac{\Gamma \to \Delta, A \qquad A, \Lambda \to \Theta}{\Gamma, \Lambda \to \Delta, \Theta}$$

$A$ is called the cut formula of this inference.

(3) Logical rules:

$$\frac{A, \Gamma \to \Delta}{A \wedge B, \Gamma \to \Delta}\ (\wedge : \text{left}) \quad \text{and} \quad \frac{B, \Gamma \to \Delta}{A \wedge B, \Gamma \to \Delta}\ (\wedge : \text{left}) \qquad \frac{\Gamma \to \Delta, A \qquad \Gamma \to \Delta, B}{\Gamma \to \Delta, A \wedge B}\ (\wedge : \text{right})$$

$$\frac{A, \Gamma \to \Delta \qquad B, \Gamma \to \Delta}{A \vee B, \Gamma \to \Delta}\ (\vee : \text{left}) \qquad \frac{\Gamma \to \Delta, A}{\Gamma \to \Delta, A \vee B}\ (\vee : \text{right}) \quad \text{and} \quad \frac{\Gamma \to \Delta, B}{\Gamma \to \Delta, A \vee B}\ (\vee : \text{right})$$

$$\frac{\Gamma \to \Delta, A \qquad B, \Gamma \to \Delta}{A \supset B, \Gamma \to \Delta}\ (\supset : \text{left}) \qquad \frac{A, \Gamma \to \Delta, B}{\Gamma \to \Delta, A \supset B}\ (\supset : \text{right})$$

$$\frac{\Gamma \to \Delta, A}{\neg A, \Gamma \to \Delta}\ (\neg : \text{left}) \qquad \frac{A, \Gamma \to \Delta}{\Gamma \to \Delta, \neg A}\ (\neg : \text{right})$$

In the rules above, $A \vee B$, $A \wedge B$, $A \supset B$, and $\neg A$ are called the principal formulae and $A$, $B$ the side formulae of the inference.

In the quantifier rules below, $x$ is any variable and $y$ is any variable free for $x$ in $A$ and not free in $A$, unless $y = x$ ($y \notin FV(A) - \{x\}$). The term $t$ is any term free for $x$ in $A$.

$$\frac{A[t/x], \Gamma \to \Delta}{\forall x A, \Gamma \to \Delta}\ (\forall : \text{left}) \qquad \frac{\Gamma \to \Delta, A[y/x]}{\Gamma \to \Delta, \forall x A}\ (\forall : \text{right})$$

$$\frac{A[y/x], \Gamma \to \Delta}{\exists x A, \Gamma \to \Delta}\ (\exists : \text{left}) \qquad \frac{\Gamma \to \Delta, A[t/x]}{\Gamma \to \Delta, \exists x A}\ (\exists : \text{right})$$

Note that in both the $(\forall : \text{right})$-rule and the $(\exists : \text{left})$-rule, the variable $y$ does not occur free in the lower sequent. In these rules, the variable $y$ is called the eigenvariable of the inference. The condition that the eigenvariable does not occur free in the conclusion of the rule is called the eigenvariable condition. The formula $\forall x A$ (or $\exists x A$) is called the principal formula of the inference, and the formula $A[t/x]$ (or $A[y/x]$) the side formula of the inference.

The axioms of the system $LK$ are all sequents of the form $A \to A$.


Note that since the system LK contains the exchange rules, the order of 
the formulae in a sequent is really irrelevant. Hence, we can view a sequent 
as a pair of multisets (as defined in problem 2.1.8). 


Proof trees and deduction trees are defined inductively as in definition 3.4.5, but with the rules of the system $LK$ given in definition 6.2.1. If a sequent has a proof in the system $G$ we say that it is $G$-provable and similarly, if it is provable in the system $LK$, we say that it is $LK$-provable. The system obtained from $LK$ by removing the cut rule is denoted by $LK - \{cut\}$. We also say that a sequent is $LK$-provable without a cut if it has a proof tree using the rules of the system $LK - \{cut\}$.


6.2.2 The Logical Equivalence of the Systems G, LK, and LK − {cut}


We now show that the systems G and LK are logically equivalent. We will in fact prove a stronger result, namely that G, LK − {cut} and LK are equivalent. First, we show that the system LK is sound.
Lemma 6.2.1 Every axiom of LK is valid. For every rule of LK, if the premises of the rule are valid, then the conclusion of the rule is valid. Every LK-provable sequent is valid.


Proof: The proof uses the induction principle for proofs and is straight- 
forward. 


Lemma 6.2.1 differs from lemma 5.4.3 in the following point: It is not necessarily true that if the conclusion of a rule is valid, then the premises of that rule are valid.


Theorem 6.2.1 (Logical equivalence of G, LK, and LK − {cut}) There is an algorithm to convert any LK-proof of a sequent $\Gamma \to \Delta$ into a G-proof. There is an algorithm to convert any G-proof of a sequent $\Gamma \to \Delta$ into a proof using the rules of LK − {cut}.


Proof: If $\Gamma \to \Delta$ has an LK-proof, by lemma 6.2.1, $\Gamma \to \Delta$ is valid. By theorem 5.5.1, $\Gamma \to \Delta$ has a G-proof given by the procedure search. Conversely, using the induction principle for G-proofs we show that every G-proof can be converted to an (LK − {cut})-proof. The proof is similar to that of theorem 3.6.1. Every G-axiom $\Gamma \to \Delta$ contains some common formula A, and by application of the weakening and the exchange rules, an (LK − {cut})-proof of $\Gamma \to \Delta$ can be obtained from the axiom $A \to A$. Next, we have to show that every application of a G-rule can be replaced by a sequence of (LK − {cut})-rules. There are twelve cases to consider. Note that the G-rules $\wedge$ : right, $\vee$ : left, $\supset$ : right, $\supset$ : left, $\neg$ : right, $\neg$ : left, $\forall$ : right and $\exists$ : left can easily be simulated in LK − {cut} using the exchange, contraction, and corresponding (LK − {cut})-rules. The rules $\vee$ : right and $\wedge$ : left are handled as in theorem 3.6.1. Finally, we show how the G-rule $\forall$ : left can be transformed into a sequence of (LK − {cut})-rules, leaving the $\exists$ : right case as an exercise.


$$\begin{array}{cl}
\Gamma, A[t/x], \forall x A, \Delta \to \Lambda & \\ \cline{1-1}
A[t/x], \forall x A, \Gamma, \Delta \to \Lambda & (\text{several exchanges}) \\ \cline{1-1}
\forall x A, \forall x A, \Gamma, \Delta \to \Lambda & (\forall : \text{left}) \\ \cline{1-1}
\forall x A, \Gamma, \Delta \to \Lambda & (\text{contraction}) \\ \cline{1-1}
\Gamma, \forall x A, \Delta \to \Lambda & (\text{several exchanges})
\end{array}$$


The above (LK − {cut})-derivation simulates the G-rule $\forall$ : left. This concludes the proof of the theorem.

Corollary (Gentzen's Hauptsatz for LK) A sequent is LK-provable if and only if it is LK-provable without a cut.


Note that the search procedure together with the method indicated in 
theorem 6.2.1 actually provides an algorithm to construct a cut-free LK-proof 
from an LK-proof with cuts. Gentzen proved the above result by a very 
different method in which an LK-proof is (recursively) transformed into an 
LK-proof without cut. Gentzen’s proof is entirely constructive since it does 
not use any semantic arguments and can be found either in Takeuti, 1975, 
Kleene, 1952, or in Gentzen’s original paper in Szabo, 1969. 


In the next section, we discuss the case of first-order languages with 
equality symbol. 


PROBLEMS 


6.2.1. Give LK-proofs for the following formulae:

$$\forall x A \supset A[t/x],$$
$$A[t/x] \supset \exists x A,$$

where t is free for x in A.


6.2.2. Let x, y be any distinct variables. Let A, B be any formulae, C, D any formulae not containing the variable x free, and let E be any formula such that x is free for y in E. Give proof trees for the following formulae:

$$\forall x C \equiv C \qquad \exists x C \equiv C$$
$$\forall x \forall y A \equiv \forall y \forall x A \qquad \exists x \exists y A \equiv \exists y \exists x A$$
$$\forall x \forall y E \supset \forall x E[x/y] \qquad \exists x E[x/y] \supset \exists x \exists y E$$
$$\forall x A \supset \exists x A$$
$$\exists x \forall y A \supset \forall y \exists x A$$


6.2.3. First, give G-proofs for the formulae of problem 6.2.2, and then con- 
vert them into LK-proofs using the method of theorem 6.2.1. 


6.2.4. Give an LK-proof for

$$(A \supset (B \supset C)) \supset (B \supset (A \supset C)).$$

Give an LK-proof for

$$(B \supset (C \supset A)), (A \supset (B \supset C)) \to (B \supset (A \equiv C))$$


using the cut rule, and another LK-proof without cut. 
6.2.5. Given a set S of formulae, let Des(S) be the set of immediate descendants of formulae in S as defined in problem 5.5.18, and define $S^n$ by induction as follows:

$$S^0 = S;$$
$$S^{n+1} = Des(S^n).$$

Let $S^* = \bigcup_{n \geq 0} S^n$.

$S^*$ is called the set of descendants of S.

(a) Every sequent $\Gamma \to \Delta$ corresponds to the set of formulae $\Gamma \cup \{\neg B \mid B \in \Delta\}$. Prove that for every deduction tree for a sequent $\Gamma_0 \to \Delta_0$, the union of the sets of formulae $\Gamma \cup \{\neg B \mid B \in \Delta\}$ for all sequents $\Gamma \to \Delta$ occurring in that tree is a subset of $S^*$, where $S = \Gamma_0 \cup \{\neg B \mid B \in \Delta_0\}$ (this is called the subformula property).

(b) Deduce from (a) that not all formulae are provable.


6.3 The Gentzen System $LK_e$ With Equality


We now generalize the system LK to include equality. 


6.3.1 Syntax of $LK_e$

The rules and axioms of $LK_e$ are defined as follows.

Definition 6.3.1 (The Gentzen system $LK_e$) The Gentzen system $LK_e$ is obtained from the system LK by adding the following sequents known as equality axioms:

Let $t, s_1, \ldots, s_n, t_1, \ldots, t_n$ be arbitrary L-terms. For every term t, the sequent

$$\to t = t$$

is an axiom.

For every n-ary function symbol f,

$$s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n \to f s_1 \ldots s_n = f t_1 \ldots t_n$$

is an axiom.

For every n-ary predicate symbol P (including =),

$$s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n, P s_1 \ldots s_n \to P t_1 \ldots t_n$$

is an axiom.
It is easily shown that these axioms are valid. In order to generalize theorem 6.2.1 it is necessary to define the concept of an atomic cut.

Definition 6.3.2 If the cut formula of a cut in an $LK_e$-proof is an atomic formula, the cut is called atomic. Otherwise, it is called an essential cut.

Theorem 6.2.1 can now be generalized, provided that we allow atomic cuts. However, some technical lemmas including an exchange lemma will be needed in the proof.


6.3.2 A Permutation Lemma for the System $G_e$

The following lemma holds in $G_e$.

Lemma 6.3.1 Given a $G_e$-proof T, there is a $G_e$-proof $T'$ such that all leaf sequents of $T'$ contain either atomic formulae or quantified formulae (that is, formulae of the form $\forall x B$ or $\exists x B$).


Proof: Given a nonatomic formula A not of the form $\forall x B$ nor $\exists x B$, define its weight as the number of logical connectives $\wedge, \vee, \neg, \supset$ in it. The weight of an atomic formula and of a quantified formula is 0. The weight of a sequent is the sum of the weights of the formulae in it. The weight of a proof tree is the maximum of the weights of its leaf sequents. We prove the lemma by induction on the weight of the proof tree T. If weight(T) = 0, the lemma holds trivially. Otherwise, we show how the weight of each leaf sequent of T whose weight is nonzero can be decreased. This part of the proof proceeds by cases. We cover some of the cases, leaving the others as an exercise.


Let S be any leaf sequent of T whose weight is nonzero. Then, for some formula A, S is of the form

$$\Gamma_1, A, \Gamma_2 \to \Delta_1, A, \Delta_2.$$

If A is the only formula in S whose weight is nonzero, we can extend the leaf S as follows:

Case 1: A is of the form $B \wedge C$.

$$\frac{\dfrac{\Gamma_1, B, C, \Gamma_2 \to \Delta_1, B, \Delta_2 \qquad \Gamma_1, B, C, \Gamma_2 \to \Delta_1, C, \Delta_2}{\Gamma_1, B, C, \Gamma_2 \to \Delta_1, B \wedge C, \Delta_2}}{\Gamma_1, B \wedge C, \Gamma_2 \to \Delta_1, B \wedge C, \Delta_2}$$

The weights of the new leaf sequents are strictly smaller than the weight of S.
Case 2: A is of the form $\neg B$.

$$\frac{\dfrac{B, \Gamma_1, \Gamma_2 \to B, \Delta_1, \Delta_2}{\Gamma_1, \Gamma_2 \to B, \Delta_1, \neg B, \Delta_2}}{\Gamma_1, \neg B, \Gamma_2 \to \Delta_1, \neg B, \Delta_2}$$

The weight of the new leaf sequent is strictly smaller than the weight of S.

Case 3: A is of the form $B \supset C$.

$$\frac{\dfrac{B, \Gamma_1, \Gamma_2 \to B, C, \Delta_1, \Delta_2 \qquad C, B, \Gamma_1, \Gamma_2 \to C, \Delta_1, \Delta_2}{B, \Gamma_1, B \supset C, \Gamma_2 \to C, \Delta_1, \Delta_2}}{\Gamma_1, B \supset C, \Gamma_2 \to \Delta_1, B \supset C, \Delta_2}$$

The weights of the new leaf sequents are strictly smaller than the weight of S.

We leave the case in which A is of the form $(C \vee D)$ as an exercise.

If A is not the only formula in $\Gamma_1, A, \Gamma_2 \to \Delta_1, A, \Delta_2$ whose weight is nonzero, then by applying the corresponding rule to that other formula, we obtain a sequent $S_1$ or two sequents $S_1$ and $S_2$ still containing A on both sides of the arrow, and whose weight is strictly smaller than the weight of S.


Now, if we apply the above transformations to all leaf sequents of T 
whose weight is nonzero, since the weight of each new leaf sequent is strictly 
smaller than the weight of some leaf sequent of T, we obtain a tree T’ whose 
weight is strictly smaller than the weight of T. We conclude by applying the 
induction hypothesis to T’. This completes the proof. 


Lemma 6.3.2 (i) Given a $G_e$-proof tree T for a sequent $\Gamma \to A \wedge B, \Delta$ satisfying the conclusion of lemma 6.3.1, another $G_e$-proof $T'$ can be constructed such that depth(T) = depth($T'$), and the rule applied at the root of $T'$ is the $\wedge$ : right rule applied to the occurrence of $A \wedge B$ to the right of $\to$.

(ii) Given a $G_e$-proof tree T of a sequent $\Gamma, A \supset B \to \Delta$ satisfying the conclusion of lemma 6.3.1, another $G_e$-proof tree $T'$ can be constructed such that depth(T) = depth($T'$), and the rule applied at the root of $T'$ is the $\supset$ : left rule applied to the occurrence of $A \supset B$ to the left of $\to$.


Proof: (i) Let S be the initial subtree of T obtained by deleting the descendants of every node closest to the root of T, where the $\wedge$ : right rule is applied to the formula $A \wedge B$ to the right of $\to$ in the sequent labeling that node. Since the proof tree T satisfies the condition of lemma 6.3.1, the rule $\wedge$ : right is applied to each occurrence of $A \wedge B$ on the right of $\to$. Hence, the tree T has the following shape:

Tree T

$$\begin{array}{c}
\dfrac{\overset{S_1}{\Gamma_1 \to A, \Delta_1} \quad \overset{T_1}{\Gamma_1 \to B, \Delta_1}}{\Gamma_1 \to A \wedge B, \Delta_1} \qquad \cdots \qquad \dfrac{\overset{S_m}{\Gamma_m \to A, \Delta_m} \quad \overset{T_m}{\Gamma_m \to B, \Delta_m}}{\Gamma_m \to A \wedge B, \Delta_m} \\[1ex]
S \\[1ex]
\Gamma \to A \wedge B, \Delta
\end{array}$$

where the tree with leaves $\Gamma_1 \to A \wedge B, \Delta_1, \ldots, \Gamma_m \to A \wedge B, \Delta_m$ is the tree S, and the subtrees $S_1, T_1, \ldots, S_m, T_m$ are proof trees. Let $S'$ be the tree obtained from S by replacing every occurrence in S of the formula $A \wedge B$ to the right of $\to$ by A, and $S''$ the tree obtained from S by replacing every occurrence of $A \wedge B$ on the right of $\to$ by B. Since no rule is applied to an occurrence of $A \wedge B$ on the right of $\to$ in S, both $S'$ and $S''$ are well defined. The following proof tree $T'$ satisfies the conditions of the lemma:

Tree $T'$

$$\begin{array}{cc}
\overset{S_1}{\Gamma_1 \to A, \Delta_1} \quad \cdots \quad \overset{S_m}{\Gamma_m \to A, \Delta_m} & \overset{T_1}{\Gamma_1 \to B, \Delta_1} \quad \cdots \quad \overset{T_m}{\Gamma_m \to B, \Delta_m} \\[1ex]
S' & S'' \\[1ex]
\Gamma \to A, \Delta & \Gamma \to B, \Delta \\ \hline
\multicolumn{2}{c}{\Gamma \to A \wedge B, \Delta}
\end{array}$$

It is clear that depth(T) = depth($T'$).


(ii) The proof is similar to that of (i). The proof tree T can be converted to $T'$ as shown:

Tree T

$$\begin{array}{c}
\dfrac{\overset{S_1}{\Gamma_1 \to A, \Delta_1} \quad \overset{T_1}{B, \Gamma_1 \to \Delta_1}}{\Gamma_1, A \supset B \to \Delta_1} \qquad \cdots \qquad \dfrac{\overset{S_m}{\Gamma_m \to A, \Delta_m} \quad \overset{T_m}{B, \Gamma_m \to \Delta_m}}{\Gamma_m, A \supset B \to \Delta_m} \\[1ex]
S \\[1ex]
\Gamma, A \supset B \to \Delta
\end{array}$$

Tree $T'$

$$\begin{array}{cc}
\overset{S_1}{\Gamma_1 \to A, \Delta_1} \quad \cdots \quad \overset{S_m}{\Gamma_m \to A, \Delta_m} & \overset{T_1}{B, \Gamma_1 \to \Delta_1} \quad \cdots \quad \overset{T_m}{B, \Gamma_m \to \Delta_m} \\[1ex]
S' & S'' \\[1ex]
\Gamma \to A, \Delta & B, \Gamma \to \Delta \\ \hline
\multicolumn{2}{c}{\Gamma, A \supset B \to \Delta}
\end{array}$$

Note that depth(T) = depth($T'$).


Lemma 6.3.3 Every $G_e$-proof tree T can be converted to a proof tree $T'$ of the same sequent such that the rule applied to every sequent of the form $\Gamma \to A \wedge B, \Delta$ or $\Gamma, C \supset D \to \Delta$ is either the $\wedge$ : right rule applied to the occurrence of $A \wedge B$ to the right of $\to$, or the $\supset$ : left rule applied to the occurrence of $C \supset D$ to the left of $\to$. Furthermore, if T satisfies the conditions of lemma 6.3.1, then $T'$ has the same depth as T.


Proof: First, using lemma 6.3.1, we can assume that T has been con- 
verted to a proof tree such that in all leaf sequents, all formulae are either 
atomic or quantified formulae. Then, since lemma 6.3.2 preserves the depth 
of such proof trees, we conclude by induction on the depth of proof trees using 
lemma 6.3.2. Since the transformations of lemma 6.3.2 are depth preserving, 
the last clause of the lemma follows. 


6.3.3 Logical Equivalence of $G_e$, $LK_e$, and $LK_e$ Without Essential Cuts: Gentzen's Hauptsatz for $LK_e$ Without Essential Cuts

The generalization of theorem 6.2.1 is the following.

Theorem 6.3.1 (Logical equivalence of $G_e$, $LK_e$, and $LK_e$ without essential cuts) There is an algorithm to convert any $LK_e$-proof of a sequent $\Gamma \to \Delta$ into a $G_e$-proof. There is an algorithm to convert any $G_e$-proof of a sequent $\Gamma \to \Delta$ into an $LK_e$-proof without essential cuts.


Proof: The proof is similar to that of theorem 6.2.1. The proof differs because atomic cuts cannot be eliminated. By lemma 6.3.1, we can assume that the axioms of proof trees contain only atomic formulae or quantified formulae. We proceed by induction on $G_e$-proof trees having axioms of this form. The base case is unchanged and, for the induction step, only the equality rules of definition 6.2.1 need to be considered, since the other rules are handled as in theorem 6.2.1.
(i) The rule

$$\frac{\Gamma, t = t \to \Delta}{\Gamma \to \Delta}$$

is simulated in $LK_e$ using an atomic cut as follows:

$$\frac{\to t = t \qquad \dfrac{\Gamma, t = t \to \Delta}{t = t, \Gamma \to \Delta}\ \text{exchanges}}{\Gamma \to \Delta}\ \text{atomic cut}$$

(ii) The root of the $G_e$-proof tree T is the conclusion of the rule

$$\frac{\Gamma, (s_1 = t_1) \wedge \ldots \wedge (s_n = t_n) \supset (f s_1 \ldots s_n = f t_1 \ldots t_n) \to \Delta}{\Gamma \to \Delta}$$

If the premise of this rule is an axiom in $G_e$, this sequent contains a same formula A on both sides, and an $LK_e$-proof without cuts can be obtained from $A \to A$ using the exchange and weakening rules. Otherwise, using lemma 6.3.3, an $LK_e$-derivation with only atomic cuts can be constructed as follows. By lemma 6.3.3, the proof tree T is equivalent to a proof tree of same depth having the following shape:

$$\begin{array}{c}
\dfrac{\overset{T_{n-1}}{\Gamma \to s_{n-1} = t_{n-1}, \Delta} \qquad \overset{T_n}{\Gamma \to s_n = t_n, \Delta}}{\Gamma \to s_{n-1} = t_{n-1} \wedge s_n = t_n, \Delta} \\[1ex]
\vdots \\[1ex]
\dfrac{\dfrac{\overset{T_1}{\Gamma \to s_1 = t_1, \Delta} \qquad \Gamma \to s_2 = t_2 \wedge \ldots \wedge s_n = t_n, \Delta}{\Gamma \to s_1 = t_1 \wedge \ldots \wedge s_n = t_n, \Delta} \qquad \overset{T_0}{f s_1 \ldots s_n = f t_1 \ldots t_n, \Gamma \to \Delta}}{\Gamma, s_1 = t_1 \wedge \ldots \wedge s_n = t_n \supset f s_1 \ldots s_n = f t_1 \ldots t_n \to \Delta}
\end{array}$$

Using the axiom

$$s_1 = t_1, \ldots, s_n = t_n \to f s_1 \ldots s_n = f t_1 \ldots t_n$$

and applying the induction hypothesis to the $G_e$-trees $T_0, T_1, \ldots, T_n$, an $LK_e$-proof without essential cuts can be constructed:


268 6/Gentzen’s Cut Elimination Theorem And Applications 


$$\begin{array}{c}
\dfrac{\overset{T'_n}{\Gamma \to \Delta, s_n = t_n} \qquad s_n = t_n, \ldots, s_1 = t_1 \to f s_1 \ldots s_n = f t_1 \ldots t_n}{s_{n-1} = t_{n-1}, \ldots, s_1 = t_1, \Gamma \to f s_1 \ldots s_n = f t_1 \ldots t_n, \Delta} \\[1ex]
\vdots \\[1ex]
\dfrac{\overset{T'_1}{\Gamma \to \Delta, s_1 = t_1} \qquad s_1 = t_1, \Gamma \to f s_1 \ldots s_n = f t_1 \ldots t_n, \Delta}{\Gamma \to f s_1 \ldots s_n = f t_1 \ldots t_n, \Delta}
\end{array}$$

We finish the proof with one more atomic cut:

$$\frac{\dfrac{\Gamma \to f s_1 \ldots s_n = f t_1 \ldots t_n, \Delta}{\Gamma \to \Delta, f s_1 \ldots s_n = f t_1 \ldots t_n} \qquad \dfrac{\overset{T'_0}{\Gamma, f s_1 \ldots s_n = f t_1 \ldots t_n \to \Delta}}{f s_1 \ldots s_n = f t_1 \ldots t_n, \Gamma \to \Delta}}{\Gamma \to \Delta}$$

The trees $T'_0, T'_1, \ldots, T'_n$ have been obtained using the induction hypothesis. Note that applications of exchange and contraction rules are implicit in the above proofs.


(iii) The root of the $G_e$-proof tree T is labeled with the conclusion of the rule:

$$\frac{\Gamma, ((s_1 = t_1) \wedge \ldots \wedge (s_n = t_n) \wedge P s_1 \ldots s_n) \supset P t_1 \ldots t_n \to \Delta}{\Gamma \to \Delta}$$

This case is handled as case (ii). This concludes the proof of the theorem.

Corollary (A version of Gentzen's Hauptsatz for $LK_e$) A sequent is $LK_e$-provable if and only if it is $LK_e$-provable without essential cuts.


PROBLEMS 


6.3.1. The set of closed equality axioms is the set of closed formulae given below:

$$\forall x_1 \ldots \forall x_n \forall y_1 \ldots \forall y_n ((x_1 = y_1 \wedge \ldots \wedge x_n = y_n) \supset (f(x_1, \ldots, x_n) = f(y_1, \ldots, y_n)))$$
$$\forall x_1 \ldots \forall x_n \forall y_1 \ldots \forall y_n (((x_1 = y_1 \wedge \ldots \wedge x_n = y_n) \wedge P(x_1, \ldots, x_n)) \supset P(y_1, \ldots, y_n))$$

Prove that the closed equality axioms are $LK_e$-provable.

6.3.2. Prove that the axioms of definition 6.3.1 are valid.

6.3.4. Finish the proof of the cases in lemma 6.3.1.

6.3.5. Prove case (iii) in the proof of theorem 6.3.1.


6.4 Gentzen’s Hauptsatz for Sequents in NNF 


Combining ideas from Smullyan and Schwichtenberg (Smullyan, 1968, Barwise, 1977), we formulate a sequent calculus $G1^{nnf}$ in which sequents consist of formulae in negation normal form. Such a system shares characteristics of both G and LK but the main difference is that sequents consist of pairs of sets rather than pairs of sequences. The main reason for using sets rather than sequences is that the structural rules become unnecessary. As a consequence, an induction argument simpler than Gentzen's original argument (Szabo, 1969) can be used in the proof of the cut elimination theorem. The advantage of considering formulae in negation normal form is that fewer inference rules need to be considered. Since every formula is equivalent to a formula in negation normal form, there is actually no loss of generality.


6.4.1 Negation Normal Form

The definition of a formula in negation normal form given in definition 3.4.8 is extended to the first-order case as follows.

Definition 6.4.1 The set of formulae in negation normal form (for short, NNF) is the smallest set of formulae such that

(1) For every atomic formula A, A and $\neg A$ are in NNF;

(2) If A and B are in NNF, then $(A \vee B)$ and $(A \wedge B)$ are in NNF;

(3) If A is in NNF, then $\forall x A$ and $\exists x A$ are in NNF.


Lemma 6.4.1 Every formula is equivalent to another formula in NNF. 


Proof: The proof proceeds by induction on formulae as in lemma 3.4.4. Careful checking of the proof of lemma 3.4.4 reveals that, apart from the cases of the propositional connectives, only the case where A is of the form $\neg \forall x B$ or $\neg \exists x B$ needs to be considered. If A is of the form $\neg \forall x B$, by lemma 5.3.6(8) $\neg \forall x B$ is equivalent to $\exists x \neg B$, and since $\neg B$ has fewer connectives than $\neg \forall x B$, by the induction hypothesis $\neg B$ has a NNF $B'$. By lemma 5.3.7, A is equivalent to $\exists x B'$, which is in NNF. The case where A is of the form $\neg \exists x B$ is similar. Finally, if A is of the form $\forall x B$ or $\exists x B$, by the induction hypothesis B is equivalent to a formula $B'$ in NNF, and by lemma 5.3.7 $\forall x B$ is equivalent to $\forall x B'$ and $\exists x B$ is equivalent to $\exists x B'$.


EXAMPLE 6.4.1

Let

$$A = \forall x (P(x) \vee \neg \exists y (Q(y) \wedge R(x, y))) \vee \neg \exists y (P(y) \wedge \neg \forall z P(z)).$$

The NNF of $\neg \exists y (Q(y) \wedge R(x, y))$ is

$$\forall y (\neg Q(y) \vee \neg R(x, y)).$$

The NNF of A is

$$\forall x (P(x) \vee \forall y (\neg Q(y) \vee \neg R(x, y))) \vee \forall y (\neg P(y) \vee \forall z P(z)).$$


We now define a new Gentzen system in which sequents are pairs of sets 
of formulae in NNF. First, we treat the case of languages without equality. 


6.4.2 The Gentzen System $G1^{nnf}$

The axioms and inference rules of $G1^{nnf}$ are defined as follows.

Definition 6.4.2 The sequents of the system $G1^{nnf}$ are pairs $\Gamma \to \Delta$, where $\Gamma$ and $\Delta$ are finite sets of formulae in NNF. Given two sets of formulae $\Gamma$ and $\Delta$, the expression $\Gamma, \Delta$ denotes the union of the sets $\Gamma$ and $\Delta$, and similarly, if A is a formula, $\Gamma, A$ denotes the set $\Gamma \cup \{A\}$. The inference rules are the rules listed below:


(1) Cut rule:

$$\frac{\Gamma \to \Delta, A \qquad A, \Lambda \to \Theta}{\Gamma, \Lambda \to \Delta, \Theta}$$

A is called the cut formula of this inference.

(2) Propositional logical rules:

$$\frac{A, \Gamma \to \Delta}{A \wedge B, \Gamma \to \Delta}\ (\wedge : \text{left}) \quad \text{and} \quad \frac{B, \Gamma \to \Delta}{A \wedge B, \Gamma \to \Delta}\ (\wedge : \text{left})$$

$$\frac{\Gamma \to \Delta, A \qquad \Gamma \to \Delta, B}{\Gamma \to \Delta, A \wedge B}\ (\wedge : \text{right})$$

$$\frac{A, \Gamma \to \Delta \qquad B, \Gamma \to \Delta}{A \vee B, \Gamma \to \Delta}\ (\vee : \text{left})$$

$$\frac{\Gamma \to \Delta, A}{\Gamma \to \Delta, A \vee B}\ (\vee : \text{right}) \quad \text{and} \quad \frac{\Gamma \to \Delta, B}{\Gamma \to \Delta, A \vee B}\ (\vee : \text{right})$$


In the rules above, $A \vee B$ and $A \wedge B$ are called the principal formulae and A, B the side formulae of the inference.


(3) Quantifier rules

In the quantifier rules below, x is any variable and y is any variable free for x in A and not free in A, unless y = x ($y \notin FV(A) - \{x\}$). The term t is any term free for x in A.

$$\frac{A[t/x], \Gamma \to \Delta}{\forall x A, \Gamma \to \Delta}\ (\forall : \text{left}) \qquad \frac{\Gamma \to \Delta, A[y/x]}{\Gamma \to \Delta, \forall x A}\ (\forall : \text{right})$$

$$\frac{A[y/x], \Gamma \to \Delta}{\exists x A, \Gamma \to \Delta}\ (\exists : \text{left}) \qquad \frac{\Gamma \to \Delta, A[t/x]}{\Gamma \to \Delta, \exists x A}\ (\exists : \text{right})$$

In both the ($\forall$ : right)-rule and the ($\exists$ : left)-rule, the variable y does not occur free in the lower sequent. In these rules, the variable y is called the eigenvariable of the inference. The condition that the eigenvariable does not occur free in the conclusion of the rule is called the eigenvariable condition. The formula $\forall x A$ (or $\exists x A$) is called the principal formula of the inference, and the formula $A[t/x]$ (or $A[y/x]$) the side formula of the inference.

The axioms of $G1^{nnf}$ are all sequents of the form

$$\Gamma, A \to A, \Delta,$$
$$\Gamma, \neg A \to \neg A, \Delta,$$
$$\Gamma, A, \neg A \to \Delta, \quad \text{or}$$
$$\Gamma \to \Delta, A, \neg A,$$

with A atomic.
The notions of deduction trees and proof trees are defined as usual, but with the rules and axioms of $G1^{nnf}$. It is readily shown that the system $G1^{nnf}$ is sound. We can also prove that $G1^{nnf}$ is complete for sequents in NNF.


6.4.3 Completeness of $G1^{nnf}$

The following lemma is shown using theorem 5.5.1.

Lemma 6.4.2 (Completeness of $G1^{nnf}$) Every valid $G1^{nnf}$-sequent has a $G1^{nnf}$-proof.

Proof: First, we check that the proof given in theorem 5.5.1 can be adapted to hold for sequents consisting of sets rather than sequences. In order to simulate the $\forall$ : left rule and the $\exists$ : right rule of G using the quantifier rules of $G1^{nnf}$, we use the fact that in $G1^{nnf}$, sequents consist of sets. Since $\forall x B, \Gamma \to \Delta$ and $\forall x B, \forall x B, \Gamma \to \Delta$ actually denote the same sequent, we can apply the $\forall$ : left rule (of $G1^{nnf}$) to $\forall x B$, with the formulae in $\forall x B, \Gamma$ and $\Delta$ as auxiliary formulae, obtaining:

$$\frac{\forall x B, B[t/x], \Gamma \to \Delta}{\forall x B, \Gamma \to \Delta}$$

The case of $\exists$ : right is similar. We simulate the $\wedge$ : left rule of G and the $\vee$ : right rule of G as in the proof of theorem 3.6.1. For example, the following derivation simulates $\wedge$ : left of G:

$$\begin{array}{cl}
A, B, \Gamma \to \Delta & \\ \cline{1-1}
A \wedge B, B, \Gamma \to \Delta & (\wedge : \text{left applied to } A) \\ \cline{1-1}
A \wedge B, \Gamma \to \Delta & (\wedge : \text{left applied to } B)
\end{array}$$


We obtain proofs in which the conditions for declaring that a sequent is an axiom are as follows: A sequent $\Gamma \to \Delta$ is an axiom iff any of the following conditions holds:

(i) $\Gamma$ and $\Delta$ have some formula A in common; or
(ii) $\Gamma$ contains some atomic formula B and its negation $\neg B$; or
(iii) $\Delta$ contains some atomic formula B and its negation $\neg B$.

However, the formula A may not be a literal (that is, an atomic formula, or the negation of an atomic formula). To make sure that in (i) A is a literal, we use the method of lemma 6.3.1, complemented by the cases of quantified formulae. We consider the case in which $A = \forall x B$ is on the left of $\to$, the case $A = \exists x B$ on the right of $\to$ being similar. Assume that the axiom is $\Gamma, \forall x B \to \Delta, \forall x B$. Then we have the following proof:

$$\frac{\dfrac{\Gamma, B[z/x] \to \Delta, B[z/x]}{\Gamma, \forall x B \to \Delta, B[z/x]}}{\Gamma, \forall x B \to \Delta, \forall x B}$$

where z is a new variable.

The top sequent is an axiom, and $B[z/x]$ has fewer connectives than $\forall x B$. We conclude by induction on the number of connectives in $B[z/x]$. The details are left as an exercise.


6.4.4 The Cut Elimination Theorem for $G1^{nnf}$

We now proceed with the proof of the cut elimination theorem for $G1^{nnf}$. The proof uses a method due to Schwichtenberg (adapted from Tait (Tait, 1968)), which consists of a single induction on the cut-rank of a proof with cut. This proof is simpler than Gentzen's original, because the system $G1^{nnf}$ does not have structural rules. This is the reason a simple induction on the cut-rank works (as opposed to the induction used in Gentzen's original proof, which uses a lexicographic ordering). Furthermore, the proof of the theorem also yields an upper bound on the size of the resulting cut-free proof. The key parameter of the proof is the cut-rank of a $G1^{nnf}$-proof. First, we need to define the degree of a formula in NNF. Roughly speaking, the degree of a formula in NNF is the depth of the tree representing that formula, ignoring negations.


Definition 6.4.3 The degree |A| of a formula A in NNF is defined inductively as follows:

(i) If A is an atomic formula or the negation of an atomic formula, then

$$|A| = 0;$$

(ii) If A is either of the form $(B \vee C)$ or $(B \wedge C)$, then

$$|A| = \max(|B|, |C|) + 1;$$

(iii) If A is either of the form $\forall x B$ or $\exists x B$, then

$$|A| = |B| + 1.$$

The cut-rank is defined as follows.

Definition 6.4.4 Let T be a $G1^{nnf}$-proof. The cut-rank c(T) of T is defined inductively as follows. If T is an axiom, then c(T) = 0. If T is not an axiom, the last inference has either one or two premises. In the first case, the premise of that inference is the root of a subtree $T_1$. In the second case, the left premise is the root of a subtree $T_1$ and the right premise is the root of a subtree $T_2$. If the last inference is not a cut, then if it has a single premise,

$$c(T) = c(T_1),$$

else

$$c(T) = \max(c(T_1), c(T_2)).$$

If the last inference is a cut with cut formula A, then

$$c(T) = \max(|A| + 1, c(T_1), c(T_2)).$$

Note that c(T) = 0 iff T is cut free. We will need a number of lemmas to establish the cut elimination theorem for $G1^{nnf}$. In some of these proofs, it will be necessary to replace in a proof all free occurrences of variable y by a new variable z not occurring in the proof. This substitution process is defined as follows.
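As an added example (Python written for this edition, not code from the book), the following implements the NNF conversion of lemma 6.4.1 on the formula of Example 6.4.1, the degree of definition 6.4.3, and the cut-rank of definition 6.4.4 on small constructed proof trees. The tuple encoding of formulae and the `ProofTree` class are assumptions of the example.

```python
# Added example: negation normal form (Definition 6.4.1, Lemma 6.4.1), the
# degree |A| of an NNF formula (Definition 6.4.3) and the cut-rank c(T) of a
# proof tree (Definition 6.4.4). Formulae are nested tuples (an encoding
# assumed here, not the book's):
#   ("atom", name, args)  ("not", A)  ("and", A, B)  ("or", A, B)
#   ("imp", A, B)  ("forall", x, A)  ("exists", x, A)


def atom(name, *args):
    """Build an atomic formula such as P(x) or R(x, y)."""
    return ("atom", name, tuple(args))


def nnf(f):
    """Return an NNF formula equivalent to f, following Lemma 6.4.1: negations
    are pushed inward by de Morgan's laws and the quantifier dualities, and
    A imp B is first rewritten as (not A) or B."""
    tag = f[0]
    if tag == "atom":
        return f
    if tag in ("and", "or"):
        return (tag, nnf(f[1]), nnf(f[2]))
    if tag == "imp":
        return ("or", nnf(("not", f[1])), nnf(f[2]))
    if tag in ("forall", "exists"):
        return (tag, f[1], nnf(f[2]))
    # tag == "not": the shape of the negated subformula decides the case
    g = f[1]
    if g[0] == "atom":
        return f                      # a negated atom is already a literal
    if g[0] == "not":
        return nnf(g[1])              # not not B  ==  B
    if g[0] == "and":
        return ("or", nnf(("not", g[1])), nnf(("not", g[2])))
    if g[0] == "or":
        return ("and", nnf(("not", g[1])), nnf(("not", g[2])))
    if g[0] == "imp":                 # not (A imp B)  ==  A and not B
        return ("and", nnf(g[1]), nnf(("not", g[2])))
    if g[0] == "forall":              # not forall x B  ==  exists x not B
        return ("exists", g[1], nnf(("not", g[2])))
    if g[0] == "exists":              # not exists x B  ==  forall x not B
        return ("forall", g[1], nnf(("not", g[2])))
    raise ValueError(f"unknown connective {g[0]!r}")


def degree(f):
    """Degree |A| of a formula in NNF (Definition 6.4.3): the depth of the
    formula tree, ignoring negations. Raises on a formula not in NNF."""
    tag = f[0]
    if tag == "atom" or (tag == "not" and f[1][0] == "atom"):
        return 0
    if tag in ("and", "or"):
        return max(degree(f[1]), degree(f[2])) + 1
    if tag in ("forall", "exists"):
        return degree(f[2]) + 1
    raise ValueError("formula is not in NNF")


class ProofTree:
    """A G1^nnf deduction tree (a type assumed by this example): the conclusion,
    the subtrees of its premises and, for a cut, the cut formula."""

    def __init__(self, conclusion, premises=(), cut_formula=None):
        self.conclusion = conclusion
        self.premises = list(premises)
        self.cut_formula = cut_formula


def cut_rank(tree):
    """Cut-rank c(T) (Definition 6.4.4): 0 for an axiom, the maximum over the
    premises for a non-cut inference, max(|A| + 1, ...) for a cut on A."""
    if not tree.premises:
        return 0
    ranks = [cut_rank(p) for p in tree.premises]
    if tree.cut_formula is None:
        return max(ranks)
    return max([degree(tree.cut_formula) + 1] + ranks)


# The formula A of Example 6.4.1:
#   forall x (P(x) or not exists y (Q(y) and R(x,y))) or not exists y (P(y) and not forall z P(z))
EXAMPLE_A = ("or",
    ("forall", "x", ("or", atom("P", "x"),
        ("not", ("exists", "y", ("and", atom("Q", "y"), atom("R", "x", "y")))))),
    ("not", ("exists", "y", ("and", atom("P", "y"),
        ("not", ("forall", "z", atom("P", "z")))))))

# The NNF the example states for A:
#   forall x (P(x) or forall y (not Q(y) or not R(x,y))) or forall y (not P(y) or forall z P(z))
EXAMPLE_A_NNF = ("or",
    ("forall", "x", ("or", atom("P", "x"),
        ("forall", "y", ("or", ("not", atom("Q", "y")), ("not", atom("R", "x", "y")))))),
    ("forall", "y", ("or", ("not", atom("P", "y")), ("forall", "z", atom("P", "z")))))


def example_cut_rank():
    """Constructed trees: one with a single cut on B or C (B, C atoms, so the
    cut formula has degree 1) below a non-cut inference, giving cut-rank
    |B or C| + 1 = 2; and a cut-free tree of the same axioms, giving 0."""
    axiom = ProofTree(conclusion="axiom")       # sequents are kept opaque here
    cut = ProofTree("cut conclusion", [axiom, axiom],
                    cut_formula=("or", atom("B"), atom("C")))
    with_cut = ProofTree("root", [cut])
    cut_free = ProofTree("root", [axiom, axiom])
    return cut_rank(with_cut), cut_rank(cut_free)   # returns (2, 0)
```

Running `nnf(EXAMPLE_A)` reproduces the NNF given in Example 6.4.1, whose degree is 5.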


Definition 6.4.5 Given a formula A, we say that the variable y is not bound in the formula A iff $y \notin BV(A)$. The variable y is not bound in the sequent $\Gamma \to \Delta$ iff y is not bound in any formula in $\Gamma$ or $\Delta$. The variable y is not bound in the deduction tree T iff it is not bound in any sequent occurring in T. Given a formula A and two variables y, z, the formula $A[z/y]$ is defined as in definition 5.2.6. For a sequent $\Gamma \to \Delta$, the sequent $(\Gamma \to \Delta)[z/y]$ is the sequent obtained by substituting z for y in all formulae in $\Gamma \to \Delta$. For a deduction tree T, a variable y not bound in T, and a variable z not occurring in T, the deduction tree $T[z/y]$ is the result of replacing every sequent $\Gamma \to \Delta$ in T by $(\Gamma \to \Delta)[z/y]$. This operation can be defined more precisely by induction on proof trees, the simple details being left to the reader.

A similar definition can be given for the result $T[t/y]$ of substituting a term t for a variable y not bound in T, provided that t is free for y in every formula in which it is substituted, and that y and the variables in FV(t) are distinct from all eigenvariables in T. In order to justify that $T[z/y]$ and $T[t/y]$ are indeed proof trees when T is, the following technical lemma is needed.


Lemma 6.4.3 Let $\Gamma \to \Delta$ be a sequent and T a $G1^{nnf}$-proof for $\Gamma \to \Delta$. Assume that y is any variable not bound in the proof tree T.

(i) For any variable z not occurring in T, the result $T[z/y]$ of substituting z for all occurrences of y in T is a proof tree for $\Gamma[z/y] \to \Delta[z/y]$.

(ii) If t is a term free for y in every formula in which it is substituted, and y and the variables in FV(t) are distinct from all eigenvariables in T, then $T[t/y]$ is a proof tree for $\Gamma[t/y] \to \Delta[t/y]$.


Proof: We proceed by induction on proof trees. We only treat some key cases, leaving the others as an exercise. We consider (i). If T is an axiom $\Gamma \to \Delta$, it is clear that $(\Gamma \to \Delta)[z/y]$ is also an axiom. The propositional rules present no difficulty and are left to the reader. We consider two of the quantifier rules: $\forall$ : left and $\forall$ : right.

Case 1: The bottom inference is $\forall$ : left:

$$\frac{\overset{T_1}{A[t/x], \Gamma \to \Delta}}{\forall x A, \Gamma \to \Delta}$$

where t is free for x in A.

By the induction hypothesis, $T_1[z/y]$ is a proof tree of $A[t/x][z/y], \Gamma[z/y] \to \Delta[z/y]$. Since we have assumed that y is not bound in the proof T, $y \neq x$. Hence, $(\forall x A)[z/y] = \forall x A[z/y]$. By the result of problem 5.2.7,

$$A[t/x][z/y] = A[z/y][t[z/y]/x],$$

and since z does not occur in T, $t[z/y]$ is free for x in $A[z/y]$. But then, $T[z/y]$ is the proof tree:

$$\frac{\overset{T_1[z/y]}{A[z/y][t[z/y]/x], \Gamma[z/y] \to \Delta[z/y]}}{\forall x A[z/y], \Gamma[z/y] \to \Delta[z/y]}$$

Case 2: The bottom inference is $\forall$ : right:

$$\frac{\overset{T_1}{\Gamma \to \Delta, A[w/x]}}{\Gamma \to \Delta, \forall x A}$$

where w is not free in $\Gamma \to \Delta, \forall x A$. There are two subcases.

Subcase 2.1: If y = w, since w does not occur free in $\Gamma \to \Delta, \forall x A$, the variable w is not free in $\forall x A$, $\Gamma$ or $\Delta$. By the induction hypothesis, $T_1[z/y]$ is a proof tree for

$$(\Gamma \to \Delta, A[y/x])[z/y] = \Gamma \to \Delta, A[z/x].$$

Also, since z does not occur in T, z does not occur in $\Gamma \to \Delta, \forall x A$, the $\forall$ : right rule is applicable and $T[z/y]$ is a proof tree.

Subcase 2.2: $y \neq w$. By the induction hypothesis, $T_1[z/y]$ is a proof tree for $\Gamma[z/y] \to \Delta[z/y], A[w/x][z/y]$. By problem 5.2.7, we have

$$A[w/x][z/y] = A[z/y][w[z/y]/x],$$

but since $w \neq y$,

$$A[w/x][z/y] = A[z/y][w/x].$$

Also, since z does not occur in T, $z \neq w$, and so w does not occur free in $\Gamma[z/y] \to \Delta[z/y], \forall x A[z/y]$. Hence, the $\forall$ : right rule is applicable and $T[z/y]$ is a proof tree:

$$\frac{\overset{T_1[z/y]}{\Gamma[z/y] \to \Delta[z/y], A[z/y][w/x]}}{\Gamma[z/y] \to \Delta[z/y], \forall x A[z/y]}$$

It should be noted that in the proof of (ii), the condition that y is distinct from all eigenvariables in T rules out subcase 2.1.


Lemma 6.4.4 (Substitution lemma) Let T be a $G1^{nnf}$-proof of a sequent $\Gamma \to \Delta$ such that the variable x is not bound in T. For any term t free for x in $\Gamma \to \Delta$, a proof $T'(t)$ of $\Gamma[t/x] \to \Delta[t/x]$ can be constructed such that $T'(t)$ and T have the same depth, x and the variables in FV(t) are distinct from all eigenvariables in $T'(t)$ and $c(T) = c(T'(t))$.

Proof: By induction on proof trees using lemma 6.4.3. For a similar proof, see lemma 7.3.1.


Lemma 6.4.5 (Weakening lemma) Given a $G1^{nnf}$-proof T of a sequent $\Gamma \to \Delta$, for any formula A (in NNF), a proof $T'$ of $A, \Gamma \to \Delta$ (resp. $\Gamma \to \Delta, A$) can be obtained such that T and $T'$ have the same depth, all variables free in A are distinct from all eigenvariables in T and $c(T') = c(T)$.

Proof: Straightforward induction on proof trees, similar to that of lemma 6.4.3.

The proof $T'$ given by the weakening lemma will also be denoted by (T, A).


Lemma 6.4.6 (Inversion lemma) (i) If a sequent $\Gamma \to \Delta, A \wedge B$ has a $G1^{nnf}$-proof T (resp. $A \vee B, \Gamma \to \Delta$ has a $G1^{nnf}$-proof T), a $G1^{nnf}$-proof $T_1$ of $\Gamma \to \Delta, A$ and a $G1^{nnf}$-proof $T_2$ of $\Gamma \to \Delta, B$ can be constructed (resp. a $G1^{nnf}$-proof $T_1$ of $A, \Gamma \to \Delta$ and a $G1^{nnf}$-proof $T_2$ of $B, \Gamma \to \Delta$ can be constructed) such that $depth(T_1), depth(T_2) \leq depth(T)$ and $c(T_1), c(T_2) \leq c(T)$.

(ii) If $\Gamma \to \Delta, \forall x B$ has a $G1^{nnf}$-proof T (resp. $\exists x B, \Gamma \to \Delta$ has a $G1^{nnf}$-proof T), then for any variable y not bound in T and distinct from all eigenvariables in T, a $G1^{nnf}$-proof $T_1$ of $\Gamma \to \Delta, B[y/x]$ can be constructed (resp. a $G1^{nnf}$-proof $T_1$ of $B[y/x], \Gamma \to \Delta$ can be constructed), such that $depth(T_1) \leq depth(T)$ and $c(T_1) \leq c(T)$.

Proof: The proofs of (i) and (ii) are similar, both by induction on proof trees. We consider (ii), leaving (i) as an exercise.
If $\forall x B$ belongs to $\Delta$, the result follows by the weakening lemma (lemma 6.4.5), using the proof $(T, B[y/x])$ given by that lemma. If $\forall x B$ does not belong to $\Delta$, there are two cases.

Case 1: $\forall x B$ is not the principal formula of the last inference. There are several subcases depending on that inference. Let us consider the $\wedge$ : right rule, the other subcases being similar and left as an exercise. The proof has the form

$$\frac{\overset{S_1}{\Gamma \to \Delta, \forall x B, C} \qquad \overset{S_2}{\Gamma \to \Delta, \forall x B, D}}{\Gamma \to \Delta, \forall x B, C \wedge D}$$

By the induction hypothesis, for any variable y not bound in $S_1$ or $S_2$ and distinct from all eigenvariables in $S_1$ or $S_2$, we can find proofs $T_1$ for $\Gamma \to \Delta, B[y/x], C$ and $T_2$ for $\Gamma \to \Delta, B[y/x], D$, such that $depth(T_i) \leq depth(S_i)$ and $c(T_i) \leq c(S_i)$, for i = 1, 2. We conclude using the following proof:

$$\frac{\overset{T_1}{\Gamma \to \Delta, B[y/x], C} \qquad \overset{T_2}{\Gamma \to \Delta, B[y/x], D}}{\Gamma \to \Delta, B[y/x], C \wedge D}$$

Case 2: $\forall x B$ is the principal formula of the last inference. Using the weakening lemma, we can make sure that the last inference is of the form

$$\frac{\overset{T_1}{\Gamma \to \Delta, \forall x B, B[y/x]}}{\Gamma \to \Delta, \forall x B}$$

replacing the proof T by $(T, \forall x B)$ if necessary. Using lemma 6.4.3, we can also make sure that y is not bound in $T_1$ (or T) and is distinct from all eigenvariables in $T_1$ (and T). Then, the induction hypothesis applies to the variable y in the lower sequent of the proof $T_1$, and we can find a proof $T'_1$ of $\Gamma \to \Delta, B[y/x]$ such that $depth(T'_1) \leq depth(T)$ and $c(T'_1) \leq c(T)$. Using lemma 6.4.3 again, we actually have a proof of $\Gamma \to \Delta, B[z/x]$ for any variable z not bound in $T'_1$ and distinct from all eigenvariables in $T'_1$, establishing (ii). The proof of the other cases is similar.


We are now ready for the main lemma, which shows how cuts are eliminated.


Lemma 6.4.7 (Reduction lemma for $G1^{nnf}$) Let $T_1$ be a $G1^{nnf}$-proof of $\Gamma \to \Delta, A$, and $T_2$ a $G1^{nnf}$-proof of $A, \Lambda \to \Theta$, and assume that

$$c(T_1), c(T_2) \leq |A|.$$

A $G1^{nnf}$-proof T of

$$\Gamma, \Lambda \to \Delta, \Theta$$

can be constructed, such that

$$depth(T) \leq depth(T_1) + depth(T_2) \quad \text{and} \quad c(T) \leq |A|.$$


Proof: We proceed by induction on depth(T,) + depth(T2). 


Case 1: Either A is not the principal formula of the last inference of T;, 
or A is not the principal formula of the last inference of T2. By symmetry, 
we can assume the former. There are several subcases, depending on the last 
inference. Let us consider the A : right rule, the other subcases being similar 
and left as an exercise. The proof has the form 


Si So 
ToA,C,A Ts A’,D,A 


TaA’,CAD,A 


By the induction hypothesis, we can find proofs Tj for T,A — A’,0,C 
and T; for T, A > A’, 0, D, such that depth(T/) < depth(T,) + depth(T2) and 
c(T/) < |Al, for i=1,2. The result follows by the inference 


T,A > A’,0,C T,A — A’,0,D 
T,ASA’,CAD,O 


Case 2: A is the principal formula of the last inference of both T, and 
To. 


Case 2.1: A is a literal; that is, an atomic formula, or the negation of an 
atomic formula. In this case, both T — A, A and A, A —> © are axioms. By 
considering all possible cases, it can be verified that [, A — A, 0 is an axiom. 
For example, if A is atomic, A contains =A and A contains —A, T, A - A,O 
is an axiom. 


Case 2.2: A is of the form (BV C). Using the weakening lemma, we can 
make sure that the last inference of T; is of the form 
So 
T-A,A,B 
ToA,A 


or 
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So 
T5A,A,C 
ToA,A 
replacing T, by (71, A) if necessary. Consider the first case, the other being 
similar. By the induction hypothesis, we can find a proof Tj] for T,A —> 
A,9,B, such that depth(T{) < depth(T,) + depth(T2) and c(Tj) < |A|. By 
the inversion lemma, we can find a proof T} of B, A > O such that depth(T3) < 
depth(T2) and c(T3) < |A|. The following proof T’ 
Ti T3 
T,A—-A,0,B B,A- 0 
T,A>+A,O 


is such that depth(T’) < depth(T,) + depth(T2) and has cut-rank c(T’) < | Al, 
since |B| < |Al. 


Case 2.3: A is of the form (BAC). This case is symmetric to case 2.2. 


Case 2.4: A is of the form 4rB. As in case 2.2, we can assume that A 
belongs to the premise of the last inference in T\, so that T) is of the form 


So 
T 3A, A, Blt/a] 
ToA,A 


By the induction hypothesis, we can find a proof tree Tj for T,A — 
A, 90, Bit/x], such that depth(T]) < depth(T,) + depth(T2) and c(T;) < |A|. 
By the inversion lemma, for any variable y not bound in T> and distinct from 
all eigenvariables in T2, there is a proof T5 for Bly/z],A — ©, such that 
depth(T3) < depth(T2) and c(T3) < |A|. By the substitution lemma, we can 
construct a proof Té’ for B[t/x], A — ©, also such that depth(T4/) < depth(T2) 
and c(T3/) < |A|. Since |B[t/z]| < |A], the proof obtained from Tj and Ty’ by 
applying a cut to B[t/a] has cut-rank < | A]. 


Case 2.5: A is of the form VzB. This case is symmetric to case 2.4. 
This concludes all the cases. 


Finally, we can prove the cut elimination theorem. 


The function $exp(m, n, p)$ is defined recursively as follows:

$$exp(m, 0, p) = p;$$
$$exp(m, n + 1, p) = m^{exp(m, n, p)}.$$

This function grows extremely fast in the argument $n$. Indeed, $exp(m, 1, p) = m^p$, $exp(m, 2, p) = m^{m^p}$, and in general, $exp(m, n, p)$ is an iterated stack of exponentials of height $n$, topped with a $p$:

$$exp(m, n, p) = \underbrace{m^{m^{\cdot^{\cdot^{\cdot^{m^{p}}}}}}}_{n \text{ occurrences of } m}$$

The Tait-Schwichtenberg version of the cut elimination theorem for $G1^{nnf}$ follows.


Theorem 6.4.1 (Cut elimination theorem for $G1^{nnf}$) Let $T$ be a $G1^{nnf}$-proof with cut-rank $c(T)$ of a sequent $\Gamma \to \Delta$. A cut-free proof $T^*$ for $\Gamma \to \Delta$ such that $depth(T^*) \leq exp(2, c(T), depth(T))$ can be constructed.


Proof: We prove the following claim by induction on the depth of proof trees.


Claim: Let $T$ be a $G1^{nnf}$-proof with cut-rank $c(T)$ for a sequent $\Gamma \to \Delta$. If $c(T) > 0$ then we can construct a proof $T'$ for $\Gamma \to \Delta$, such that

$$c(T') < c(T) \quad\text{and}\quad depth(T') \leq 2^{depth(T)}.$$


Proof of Claim: If either the last inference of $T$ is not a cut, or it is a cut and $c(T) > |A| + 1$, where $A$ is the cut formula of the last inference, we can apply the induction hypothesis to the immediate subtrees $T_1$ and $T_2$ (or $T_1$ alone) of $T$, keeping a subtree that is already cut-free as it is, and reattach the last inference. We are left with the case in which the last inference is a cut and $c(T) = |A| + 1$. The proof is of the form

$$\dfrac{\begin{array}{c} T_1 \\ \Gamma \to \Delta, A \end{array} \qquad \begin{array}{c} T_2 \\ A, \Gamma \to \Delta \end{array}}{\Gamma \to \Delta}$$

By the induction hypothesis, we can construct a proof $T_1'$ for $\Gamma \to \Delta, A$ and a proof $T_2'$ for $A, \Gamma \to \Delta$, such that $c(T_i') \leq |A|$ and $depth(T_i') \leq 2^{depth(T_i)}$, for $i = 1, 2$. Applying the reduction lemma, we obtain a proof $T'$ such that $c(T') \leq |A| < c(T)$ and $depth(T') \leq depth(T_1') + depth(T_2')$. But

$$depth(T_1') + depth(T_2') \leq 2^{depth(T_1)} + 2^{depth(T_2)} \leq 2^{\max(depth(T_1), depth(T_2)) + 1} = 2^{depth(T)}.$$

Hence, the claim holds for $T'$.


The proof of the theorem follows by induction on $c(T)$, using the definition of $exp(2, m, n)$: each application of the claim lowers the cut-rank by at least one and at most exponentiates the depth, so after at most $c(T)$ applications we reach a cut-free proof of depth at most $exp(2, c(T), depth(T))$.


It is remarkable that theorem 6.4.1 provides an upper bound on the depth of cut-free proofs obtained by converting a proof with cuts. Note that the “blow up” in the size of the proof can be very large.

Cut-free proofs are “direct” (or analytic), in the sense that all inferences are purely mechanical, and thus require no ingenuity. Proofs with cuts are “indirect” (or nonanalytic), in the sense that the cut formula in a cut rule may not be a subformula of any of the formulae in the conclusion of the inference. Theorem 6.4.1 suggests that if some ingenuity is exercised in constructing proofs with cuts, the size of a proof can be reduced significantly. It gives a measure of the complexity of proofs. Without being very rigorous, we can say that theorem 6.4.1 suggests that there are theorems that have no easy proofs, in the sense that if the steps are straightforward, the proof is very long, or else if the proof is short, the cuts are very ingenious. Such an example is given in Statman, 1979.


We now add equality axioms to the system $G1^{nnf}$.


6.4.5 The System $G1^{nnf}_{=}$

The axioms and inference rules of the system $G1^{nnf}_{=}$ are defined as follows.

Definition 6.4.6 The system $G1^{nnf}_{=}$ is obtained by adding to $G1^{nnf}$ the following sequents as axioms. All sequents of the form

(i) $\Gamma \to \Delta, t = t$;

(ii) For every $n$-ary function symbol $f$,

$$\Gamma, s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n \to \Delta, fs_1 \ldots s_n = ft_1 \ldots t_n;$$

(iii) For every $n$-ary predicate symbol $P$ (including $=$),

$$\Gamma, s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n, Ps_1 \ldots s_n \to \Delta, Pt_1 \ldots t_n;$$

and all sequents obtained from the above sequents by applications of the $\neg$: left and $\neg$: right rules to the atomic formulae $t = t$, $s_i = t_i$, $fs_1 \ldots s_n = ft_1 \ldots t_n$, $Ps_1 \ldots s_n$ and $Pt_1 \ldots t_n$.


For example, $\to \neg(s = t), f(s) = f(t)$ is an equality axiom. It is obvious that these sequents are valid and that the system $G1^{nnf}_{=}$ is sound.


Lemma 6.4.8 (Completeness of $G1^{nnf}_{=}$) For the system $G1^{nnf}_{=}$, every valid sequent is provable.


Proof: The lemma can be proved using the completeness of $LK_e$ (theorem 6.3.1). First, we can show that in an $LK_e$-proof, all weakenings can be moved above all other inferences. Then, we can show how such a proof can be simulated by a $G1^{nnf}_{=}$-proof. The details are rather straightforward and are left as an exercise.
6.4.6 The Cut Elimination Theorem for $G1^{nnf}_{=}$


Gentzen's cut elimination theorem also holds for $G1^{nnf}_{=}$ if an inessential cut is defined as a cut in which the cut formula is a literal $B$ or $\neg B$, where $B$ is an equation $s = t$ (but not an atomic formula of the form $Ps_1 \ldots s_n$, where $P$ is a predicate symbol different from $=$). This has interesting applications, such as the completeness of equational logic (see the problems). The proof requires a modification of lemma 6.4.6. The cut-rank of a proof is now defined by considering essential cuts only.


Lemma 6.4.9 (Reduction lemma for $G1^{nnf}_{=}$) Let $T_1$ be a $G1^{nnf}_{=}$-proof of $\Gamma \to \Delta, A$, and $T_2$ a $G1^{nnf}_{=}$-proof of $A, \Lambda \to \Theta$, and assume that $c(T_1), c(T_2) \leq |A|$. Let $m$ be the maximal rank of all predicate symbols $P$ such that some literal $Pt_1 \ldots t_n$ or $\neg Pt_1 \ldots t_n$ is a cut formula in either $T_1$ or $T_2$. A $G1^{nnf}_{=}$-proof $T$ of $\Gamma, \Lambda \to \Delta, \Theta$ can be constructed such that

$$c(T) \leq |A| \quad\text{and}\quad depth(T) \leq depth(T_1) + depth(T_2) + m.$$


Proof: We proceed by induction on $depth(T_1) + depth(T_2)$. The only new case is the case in which $A$ is a literal of the form $Pt_1 \ldots t_n$ or $\neg Pt_1 \ldots t_n$, and one of the two axioms $\Gamma \to \Delta, A$ and $A, \Lambda \to \Theta$ is an equality axiom. Assume that $A = Pt_1 \ldots t_n$, the other case being similar. If $\Gamma \to \Delta$ or $\Lambda \to \Theta$ is an axiom, then $\Gamma, \Lambda \to \Delta, \Theta$ is an axiom. Otherwise, we have three cases.

Case 1: $\Gamma \to \Delta, A$ is an equality axiom, but $A, \Lambda \to \Theta$ is not. Then, either $\neg A$ is in $\Lambda$ or $A$ is in $\Theta$, and $\Gamma \to \Delta, A$ is obtained from some equality axiom of the form

$$\Gamma', s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n, Ps_1 \ldots s_n \to \Delta', Pt_1 \ldots t_n$$

by application of $\neg$: rules. Since either $Pt_1 \ldots t_n$ is in $\Theta$ or $\neg Pt_1 \ldots t_n$ is in $\Lambda$, the sequent $\Gamma, \Lambda \to \Delta, \Theta$ is an equality axiom also obtained from some sequent of the form

$$\Gamma'', s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n, Ps_1 \ldots s_n \to \Delta'', Pt_1 \ldots t_n.$$


Case 2: $\Gamma \to \Delta, A$ is not an equality axiom, but $A, \Lambda \to \Theta$ is. This is similar to case 1.


Case 3: Both $\Gamma \to \Delta, A$ and $A, \Lambda \to \Theta$ are equality axioms. In this case, $\Gamma \to \Delta, A$ is obtained from some equality axiom of the form

$$\Gamma', s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n, Ps_1 \ldots s_n \to \Delta', Pt_1 \ldots t_n$$

by application of $\neg$: rules, and $A, \Lambda \to \Theta$ is obtained from some equality axiom of the form

$$\Lambda', t_1 = r_1, t_2 = r_2, \ldots, t_n = r_n, Pt_1 \ldots t_n \to \Theta', Pr_1 \ldots r_n$$

by applications of $\neg$: rules.


Then, $\Gamma, \Lambda \to \Delta, \Theta$ is obtained by applying negation rules to the sequent

$$\Gamma', \Lambda', s_1 = t_1, s_2 = t_2, \ldots, s_n = t_n, t_1 = r_1, t_2 = r_2, \ldots, t_n = r_n, Ps_1 \ldots s_n \to \Delta', \Theta', Pr_1 \ldots r_n.$$


A proof with only inessential cuts can be given using axioms derived by applying $\neg$: rules to the provable (with no essential cuts) sequents

$$s_i = t_i, t_i = r_i \to s_i = r_i,$$

for $i = 1, \ldots, n$, and the axiom

$$\Gamma', \Lambda', s_1 = r_1, \ldots, s_n = r_n, Ps_1 \ldots s_n \to \Delta', \Theta', Pr_1 \ldots r_n,$$

and $n$ inessential cuts (the $i$-th cut with cut formula $s_i = r_i$ or $\neg s_i = r_i$). The depth of this proof is $n$, which is bounded by $m$. The rest of the proof is left as an exercise.


We obtain the following cut elimination theorem.


Theorem 6.4.2 (Cut elimination theorem for $G1^{nnf}_{=}$) Let $T$ be a $G1^{nnf}_{=}$-proof with cut-rank $c(T)$ for a sequent $\Gamma \to \Delta$, and let $m$ be defined as in lemma 6.4.9. A $G1^{nnf}_{=}$-proof $T^*$ for $\Gamma \to \Delta$ without essential cuts such that $depth(T^*) \leq exp(m + 2, c(T), depth(T))$ can be constructed.


Proof: The following claim can be shown by induction on the depth of proof trees:


Claim: Let $T$ be a $G1^{nnf}_{=}$-proof with cut-rank $c(T)$ for a sequent $\Gamma \to \Delta$. If $c(T) > 0$ then we can construct a $G1^{nnf}_{=}$-proof $T'$ for $\Gamma \to \Delta$, such that

$$c(T') < c(T) \quad\text{and}\quad depth(T') \leq (m + 2)^{depth(T)}.$$


The details are left as an exercise.


Note: The cut elimination theorem with inessential cuts (with atomic cut formulae of the form $s = t$) also holds for $LK_e$. The interested reader is referred to Takeuti, 1975.


As an application of theorem 6.3.1, we shall prove Craig’s interpolation 
theorem in the next section. The significance of a proof of Craig’s theorem 
using theorem 6.3.1 is that an interpolant can actually be constructed. In turn, 
Craig’s interpolation theorem implies two other important results: Beth’s 
definability theorem, and Robinson’s joint consistency theorem. 
PROBLEMS

6.4.1. Convert the following formulae to NNF:

$(\neg\forall xP(x, y) \vee \forall xR(x, y))$

$\forall x(P(x) \supset \neg\exists yR(x, y))$

$(\forall x\neg\forall y\neg\forall zP(x, y) \vee \exists x\exists y(\neg\exists zQ(x, y, z) \supset R(x, y)))$

6.4.2. Convert the following formulae to NNF:

$(\exists x\forall yP(x, y) \wedge \forall y\exists xP(y, x))$

$(\neg(\forall xP(x) \vee \exists y\neg Q(y)) \vee (\forall zQ(z) \vee \exists wQ(w)))$

$(\neg\forall x(P(x) \vee \exists yQ(y)) \vee (\forall zP(z) \vee \exists wQ(w)))$

6.4.3. Write a computer program for converting a formula to NNF.
6.4.4. Give the details of the proof of lemma 6.4.2.
6.4.5. Finish the proof of the cases that have been left out in the proof of lemma 6.4.3.
6.4.6. Prove lemma 6.4.4.
6.4.7. Prove lemma 6.4.5.
6.4.8. Finish the proof of the cases that have been left out in the proof of lemma 6.4.6.
6.4.9. Finish the proof of the cases that have been left out in the proof of lemma 6.4.7.
6.4.10. Prove that for any $LK_e$-proof, all weakenings can be moved above all other kinds of inferences. Use this result to prove lemma 6.4.8.
6.4.11. Finish the proof of the cases that have been left out in the proof of lemma 6.4.9.
6.4.12. Give the details of the proof of theorem 6.4.2.
6.4.13. Given a set $S$ of formulae, let $Des(S)$ be the set of immediate descendants of formulae in $S$ as defined in problem 5.5.18, and define $S^n$ by induction as follows:

$$S^0 = S;$$
$$S^{n+1} = Des(S^n).$$

Let $S^* = \bigcup_{n \geq 0} S^n$.

$S^*$ is called the set of descendants of $S$.
(a) Prove that for every deduction tree without essential cuts for a sequent $\Gamma_0 \to \Delta_0$, the formulae in the sets of formulae $\Gamma \cup \{\neg B \mid B \in \Delta\}$ for all sequents $\Gamma \to \Delta$ occurring in that tree belong to $S^*$ or are equations of the form $s = t$, where $S = \Gamma_0 \cup \{\neg B \mid B \in \Delta_0\}$.

(b) Deduce from (a) that not all $G1^{nnf}_{=}$-formulae are provable.

6.4.14. Let $L$ be a first-order language with equality and with function symbols and constant symbols, but no predicate symbols. Such a language will be called equational.


Let $e_1, \ldots, e_m \to e$ be a sequent where each $e_i$ is a closed formula of the form $\forall x_1 \ldots \forall x_n(s = t)$, called a universal equation, where $\{x_1, \ldots, x_n\}$ is the set of variables free in $s = t$, and $e$ is an atomic formula of the form $s = t$, called an equation. Using theorem 6.4.2, prove that if $e_1, \ldots, e_m \to e$ is $G1^{nnf}_{=}$-provable, then it is provable using only axioms (including the equality axioms), the cut rule applied to equations (of the form $s = t$), weakenings, and the $\forall$: left rule.


* 6.4.15. Let $L$ be an equational language as defined in problem 6.4.14. A substitution function (for short, a substitution) is any function $\sigma : V \to TERM_L$, assigning terms to the variables in $V$. By theorem 2.4.1, there is a unique homomorphism $\hat{\sigma} : TERM_L \to TERM_L$ extending $\sigma$ and defined recursively as follows:

For every variable $x \in V$, $\hat{\sigma}(x) = \sigma(x)$.

For every constant $c$, $\hat{\sigma}(c) = c$.

For every term $ft_1 \ldots t_n \in TERM_L$,

$$\hat{\sigma}(ft_1 \ldots t_n) = f\hat{\sigma}(t_1) \ldots \hat{\sigma}(t_n).$$

By abuse of language and notation, the function $\hat{\sigma}$ will also be called a substitution, and will often be denoted by $\sigma$.

The subset $X$ of $V$ consisting of the variables $x$ such that $\sigma(x) \neq x$ is called the support of the substitution. In what follows, we will be dealing with substitutions of finite support. If a substitution $\sigma$ has finite support $\{y_1, \ldots, y_n\}$ and $\sigma(y_i) = s_i$, for $i = 1, \ldots, n$, for any term $t$, the substitution instance $\sigma(t)$ is also denoted as $t[s_1/y_1, \ldots, s_n/y_n]$.


Let $E = \langle e_1, \ldots, e_n \rangle$ be a sequence of equations, and $E'$ the sequence of their universal closures. (Recall that for a formula $A$ with set of free variables $FV(A) = \{x_1, \ldots, x_n\}$, $\forall x_1 \ldots \forall x_nA$ is the universal closure of $A$.)

We define the relation $\longrightarrow_E$ on the set $TERM_L$ of terms as follows. For any two terms $t_1, t_2$,

$$t_1 \longrightarrow_E t_2$$

iff there is some term $r$, some equation $s = t \in E$, some substitution $\sigma$ with support $FV(s) \cup FV(t)$, and some tree address $u$ in $r$, such that

$$t_1 = r[u \leftarrow \sigma(s)] \quad\text{and}\quad t_2 = r[u \leftarrow \sigma(t)].$$

When $t_1 \longrightarrow_E t_2$, we say that $t_1$ rewrites to $t_2$. In words, $t_1$ rewrites to $t_2$ iff $t_2$ is obtained from $t_1$ by finding a subterm $\sigma(s)$ of $t_1$ (called a pattern) which is a substitution instance of the left hand side $s$ of an equation $s = t \in E$, and replacing this subterm by the subterm $\sigma(t)$ obtained by applying the same substitution $\sigma$ to the right hand side $t$ of the equation.

Let $\longleftrightarrow_E$ be the relation defined such that

$$t_1 \longleftrightarrow_E t_2 \quad\text{iff}\quad \text{either } t_1 \longrightarrow_E t_2 \text{ or } t_2 \longrightarrow_E t_1,$$

and let $\stackrel{*}{\longleftrightarrow}_E$ be the reflexive and transitive closure of $\longleftrightarrow_E$.


Our goal is to prove that for every sequence $E = \langle e_1, \ldots, e_n \rangle$ of equations and for every equation $s = t$, if $E'$ is the sequence of universal closures of equations in $E$, then

$$E' \to s = t \text{ is } G1^{nnf}_{=}\text{-provable} \quad\text{iff}\quad s \stackrel{*}{\longleftrightarrow}_E t.$$

During the proof that proceeds by induction, we will have to consider formulae which are universally quantified equations of the form

$$\forall y_1 \ldots \forall y_m(s = t),$$

where $\{y_1, \ldots, y_m\}$ is a subset of $FV(s) \cup FV(t)$, including the case $m = 0$ which corresponds to the quantifier-free equation $s = t$. Hence, we will prove two facts.

For every sequence $\Gamma$ consisting of (partially) universally quantified equations from $E$,

(1) If $\Gamma \to s = t$ is $G1^{nnf}_{=}$-provable then $s \stackrel{*}{\longleftrightarrow}_E t$.

(2) If $s \stackrel{*}{\longleftrightarrow}_E t$ then $E' \to s = t$ is $G1^{nnf}_{=}$-provable,

where $E'$ is the universal closure of $E$.

This is done as follows:


(a) Prove that if $s \longrightarrow_E t$, then the sequent $E' \to s = t$ is $G1^{nnf}_{=}$-provable, where $E'$ is the universal closure of $E$.

Hint: Use induction on the structure of the term $r$ in the definition of $\longrightarrow_E$.

(b) Given a set $E$ of equations and any equation $v = w$, let $\{E, v = w\}$ denote the union of $E$ and $\{v = w\}$.

Prove that

(i) If $s_i \stackrel{*}{\longleftrightarrow}_E t_i$, for $1 \leq i \leq n$, then

$$f(t_1, \ldots, t_n) \stackrel{*}{\longleftrightarrow}_E f(s_1, \ldots, s_n).$$

(ii) If $t_1 \stackrel{*}{\longleftrightarrow}_E t_2$, then for every substitution $\sigma$ with support $FV(t_1) \cup FV(t_2)$,

$$\sigma(t_1) \stackrel{*}{\longleftrightarrow}_E \sigma(t_2).$$

(iii) If $v \stackrel{*}{\longleftrightarrow}_E w$ and $s \stackrel{*}{\longleftrightarrow}_{\{E, v = w\}} t$, then $s \stackrel{*}{\longleftrightarrow}_E t$.

Hint: Show that every rewrite step involving $v = w$ as an equation can be simulated using the steps in $v \stackrel{*}{\longleftrightarrow}_E w$.

(c) Prove that, for every sequence $\Gamma$ consisting of (partially) universally quantified equations from $E$, for any equation $s = t$, if the sequent $\Gamma \to s = t$ is $G1^{nnf}_{=}$-provable then $s \stackrel{*}{\longleftrightarrow}_E t$.

Hint: Proceed by induction on $G1^{nnf}_{=}$-proofs without essential cuts. One of the cases is that of an inessential cut. If the bottom inference is a cut, it must be of the form

$$\dfrac{\begin{array}{c} S_1 \\ \Gamma_1 \to v = w \end{array} \qquad \begin{array}{c} S_2 \\ v = w, \Gamma_2 \to s = t \end{array}}{\Gamma \to s = t}$$

where $\Gamma_1$ and $\Gamma_2$ are subsets of $\Gamma$. By the induction hypothesis, $v \stackrel{*}{\longleftrightarrow}_E w$ and $s \stackrel{*}{\longleftrightarrow}_{\{E, v = w\}} t$. Conclude using (b).

(d) Prove that the sequent $E' \to s = t$ is $G1^{nnf}_{=}$-provable iff $s \stackrel{*}{\longleftrightarrow}_E t$.

The above problem shows the completeness of the rewrite rule method 
for (universal) equational logic. This is an important current area of 
research. For more on this approach, see the article by Huet and 
Oppen, in Book, 1980, and Huet, 1980. 
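Problem 6.4.3 above asks for a program converting formulae to NNF. The following Python function is added here as a worked example and is not taken from the book: it pushes negations inward using the De Morgan laws and the quantifier dualities, and eliminates $\supset$ on the way. The tuple encoding of formulae, the `show` printer and the sample formula (the second formula of problem 6.4.1) are our own, chosen for the example.

```python
"""Conversion of first-order formulae to negation normal form (problem 6.4.3)."""

# Constructed encoding of formulae as nested tuples (not the book's notation):
#   ('atom', 'P', ('x', 'y'))                 the atomic formula P(x, y)
#   ('not', A), ('and', A, B), ('or', A, B), ('imp', A, B)   connectives
#   ('forall', 'x', A), ('exists', 'x', A)    quantifiers
DUAL = {'and': 'or', 'or': 'and', 'forall': 'exists', 'exists': 'forall'}


def nnf(f):
    """Push negations inward until they stand only in front of atoms; drop imp."""
    op = f[0]
    if op == 'atom':
        return f
    if op == 'imp':                       # A imp B  becomes  not A or B
        return ('or', nnf(('not', f[1])), nnf(f[2]))
    if op in ('and', 'or'):
        return (op, nnf(f[1]), nnf(f[2]))
    if op in ('forall', 'exists'):
        return (op, f[1], nnf(f[2]))
    # op == 'not': dispatch on the shape of the negated formula g
    g = f[1]
    if g[0] == 'atom':
        return f                          # a negated atom is already a literal
    if g[0] == 'not':
        return nnf(g[1])                  # double negation
    if g[0] == 'imp':                     # not (A imp B)  becomes  A and not B
        return ('and', nnf(g[1]), nnf(('not', g[2])))
    if g[0] in ('and', 'or'):             # De Morgan laws
        return (DUAL[g[0]], nnf(('not', g[1])), nnf(('not', g[2])))
    return (DUAL[g[0]], g[1], nnf(('not', g[2])))   # quantifier duality


def is_nnf(f):
    """True iff negations apply only to atoms and no imp remains."""
    op = f[0]
    if op == 'atom':
        return True
    if op == 'not':
        return f[1][0] == 'atom'
    if op == 'imp':
        return False
    if op in ('and', 'or'):
        return is_nnf(f[1]) and is_nnf(f[2])
    return is_nnf(f[2])


def show(f):
    """Readable rendering: ~ for negation, & | => for connectives, ALL/EX for quantifiers."""
    op = f[0]
    if op == 'atom':
        return f[1] + '(' + ','.join(f[2]) + ')'
    if op == 'not':
        return '~' + show(f[1])
    if op in ('and', 'or', 'imp'):
        sym = {'and': ' & ', 'or': ' | ', 'imp': ' => '}[op]
        return '(' + show(f[1]) + sym + show(f[2]) + ')'
    return ('ALL ' if op == 'forall' else 'EX ') + f[1] + '.' + show(f[2])


# The second formula of problem 6.4.1:  ALL x.(P(x) => ~EX y.R(x,y))
P_x = ('atom', 'P', ('x',))
R_xy = ('atom', 'R', ('x', 'y'))
EXAMPLE = ('forall', 'x', ('imp', P_x, ('not', ('exists', 'y', R_xy))))

if __name__ == '__main__':
    print(show(nnf(EXAMPLE)))      # ALL x.(~P(x) | ALL y.~R(x,y))
```

The recursion terminates because every call either strips one connective or moves a negation one level down, and `is_nnf` gives an independent check of the result.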
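Problem 6.4.15 defines substitutions, tree addresses and the rewriting relation $\longrightarrow_E$ in words. The Python code below is added as a worked example (it is not from the book) and implements those definitions literally: the homomorphism extending a substitution, matching a left-hand side against a subterm, the replacement $r[u \leftarrow \sigma(t)]$, the one-step relations $\longrightarrow_E$ and $\longleftrightarrow_E$, and a bounded breadth-first search for $\stackrel{*}{\longleftrightarrow}_E$, which is the relation on the right-hand side of the equivalence proved in part (d). The term encoding and the set $E$ (the two defining equations of addition on unary numerals) are constructed for the example.

```python
"""Term rewriting for equational logic, following the definitions of problem 6.4.15."""
from collections import deque

# Constructed term encoding (not the book's notation): a variable is a str, an
# application f(t1, ..., tn) is the tuple (f, t1, ..., tn), a constant is (c,).
def is_var(t):
    return isinstance(t, str)

def apply_subst(sigma, t):
    """The homomorphism extending sigma: V -> TERM to all terms (theorem 2.4.1)."""
    if is_var(t):
        return sigma.get(t, t)
    return (t[0],) + tuple(apply_subst(sigma, a) for a in t[1:])

def match(pattern, t, sigma=None):
    """Return sigma with apply_subst(sigma, pattern) == t, or None if there is none."""
    sigma = {} if sigma is None else sigma
    if is_var(pattern):
        if pattern in sigma:
            return sigma if sigma[pattern] == t else None
        sigma[pattern] = t
        return sigma
    if is_var(t) or t[0] != pattern[0] or len(t) != len(pattern):
        return None
    for p, a in zip(pattern[1:], t[1:]):
        if match(p, a, sigma) is None:
            return None
    return sigma

def addresses(t):
    """All tree addresses of t: () is the root, (i,) + u is address u in argument i."""
    if is_var(t):
        return [()]
    return [()] + [(i,) + u for i, a in enumerate(t[1:]) for u in addresses(a)]

def subterm(t, u):
    for i in u:
        t = t[i + 1]
    return t

def replace(t, u, r):
    """t[u <- r]: t with the subterm at address u replaced by r."""
    if not u:
        return r
    i = u[0]
    return t[:i + 1] + (replace(t[i + 1], u[1:], r),) + t[i + 2:]

def size(t):
    return 1 if is_var(t) else 1 + sum(size(a) for a in t[1:])

def one_step(t, E, symmetric=False):
    """All t2 with t -->_E t2; with symmetric=True, all t2 with t <-->_E t2.
    Each equation is applied at every address where its left side matches."""
    rules = list(E) + ([(rhs, lhs) for lhs, rhs in E] if symmetric else [])
    out = set()
    for u in addresses(t):
        for lhs, rhs in rules:
            sigma = match(lhs, subterm(t, u))
            if sigma is not None:
                out.add(replace(t, u, apply_subst(sigma, rhs)))
    return out

def normalize(t, E, fuel=1000):
    """Rewrite left to right until no step applies (assumes E terminates)."""
    for _ in range(fuel):
        nxt = one_step(t, E)
        if not nxt:
            return t
        t = next(iter(nxt))
    raise RuntimeError("no normal form reached within fuel")

def equivalent(s, t, E, max_size=12, max_terms=5000):
    """Bounded breadth-first search for s <-->*_E t. Terms larger than max_size are
    discarded to keep the search finite, so True is a genuine derivation of
    s <-->*_E t, while False only means none was found within the bounds."""
    seen, queue = {s}, deque([s])
    while queue and len(seen) < max_terms:
        cur = queue.popleft()
        if cur == t:
            return True
        for nxt in one_step(cur, E, symmetric=True):
            if nxt not in seen and size(nxt) <= max_size:
                seen.add(nxt)
                queue.append(nxt)
    return t in seen

# Constructed example E: the defining equations of addition on unary numerals.
ZERO = ('0',)
def S(x): return ('s', x)
def plus(x, y): return ('+', x, y)
PEANO = [(plus(ZERO, 'x'), 'x'),                    # 0 + x = x
         (plus(S('x'), 'y'), S(plus('x', 'y')))]   # s(x) + y = s(x + y)

if __name__ == '__main__':
    print(normalize(plus(S(ZERO), S(ZERO)), PEANO))                     # s(s(0))
    print(equivalent(plus(S(ZERO), ZERO), plus(ZERO, S(ZERO)), PEANO))  # True
```

The second call shows why the symmetric closure matters: $s(0) + 0$ and $0 + s(0)$ do not rewrite to each other in one direction, but both rewrite to $s(0)$, and the search finds the path through the common reduct by using one equation right to left.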


6.5 Craig’s Interpolation Theorem 


First, we define the concept of an interpolant. 
6.5.1 Interpolants


If a formula of the form $A \supset B$ is valid, then it is not obvious that there is a formula $I$, called an interpolant of $A \supset B$, such that $A \supset I$ and $I \supset B$ are valid, and every predicate, constant, and free variable occurring in $I$ also occurs both in $A$ and $B$. As a matter of fact, the existence of an interpolant depends on the language. If we don't allow either the constant $\bot$ or equality ($=$), the formula $(P \supset P) \supset (Q \supset Q)$ is valid, and yet, no formula $I$ as above can be found. If we allow equality and make the exception that if $=$ occurs in $I$, it does not necessarily occur in both $A$ and $B$, then $I = \forall x(x = x)$ does the job. Alternatively, $\neg\bot$ (true!) does the job.


Craig’s interpolation theorem gives a full answer to the problem of the 
existence of an interpolant. An interesting application of Craig’s interpolation 
theorem can be found in Oppen and Nelson’s method for combining decision 
procedures. For details, see Nelson and Oppen, 1979, and Oppen, 1980b. 


6.5.2 Craig's Interpolation Theorem Without Equality


First, we consider a first-order language without equality. For the next lemma, we assume that the constant $\bot$ (for false) is in the language, but that $\equiv$ is not. Let $LK_\bot$ be the extension of $LK$ obtained by allowing the sequent $\bot \to$ as an axiom. It is easily checked that the cut elimination theorem also holds for $LK_\bot$ (see the problems).


During the proof of the key lemma, it will be necessary to replace in a proof all occurrences of a free variable $y$ by a new variable $z$ not occurring in the proof. This substitution process is defined as in definition 6.4.5, but for $LK$ (and $LK_\bot$) rather than $G1^{nnf}$. Given a deduction tree $T$ such that $y$ does not occur bound in $T$, $T[z/y]$ is the result of replacing every sequent $\Gamma \to \Delta$ in $T$ by $(\Gamma \to \Delta)[z/y]$. Similarly, $T[z/c]$ is the result of substituting a new variable $z$ for all occurrences of a constant $c$ in a proof $T$. The following technical lemma will be needed.


Lemma 6.5.1 Let $\Gamma \to \Delta$ be a sequent and $T$ an $LK$-proof for $\Gamma \to \Delta$. Assume that $y$ is a variable not occurring bound in the proof $T$. For any variable $z$ not occurring in $T$, the result $T[z/y]$ of substituting $z$ for all occurrences of $y$ in $T$ is a proof tree. Similarly, if $c$ is a constant occurring in the proof tree $T$, $T[z/c]$ is a proof tree. The lemma also holds for $LK_\bot$-proofs.


Proof: Similar to that of lemma 6.4.3.


The following lemma is the key to a constructive proof of the interpola- 
tion theorem. 


Lemma 6.5.2 Let $L$ be a first-order language without equality, without $\equiv$, and with constant $\bot$. Given any provable sequent $\Gamma \to \Delta$, let $(\Gamma_1, \Gamma_2)$ and $(\Delta_1, \Delta_2)$ be pairs of disjoint subsequences of $\Gamma$ and $\Delta$ respectively, such that the union of $\Gamma_1$ and $\Gamma_2$ is $\Gamma$, and the union of $\Delta_1$ and $\Delta_2$ is $\Delta$. Let us call $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle$ a partition of $\Gamma \to \Delta$. Then there is a formula $C$ of $LK_\bot$, called an interpolant of $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle$, having the following properties:


(i) $\Gamma_1 \to \Delta_1, C$ and $C, \Gamma_2 \to \Delta_2$ are $LK_\bot$-provable.


(ii) All predicate symbols (except for $\bot$), constant symbols, and variables free in $C$ occur both in $\Gamma_1 \cup \Delta_1$ and $\Gamma_2 \cup \Delta_2$.


Proof: We proceed by induction on cut-free proof trees. We treat some typical cases, leaving the others as an exercise.


(1) $\Gamma \to \Delta$ is an axiom. Hence, it is of the form $A \to A$. There are four cases. For $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle = \langle A, A, \emptyset, \emptyset \rangle$, $C = \bot$; for $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle = \langle \emptyset, \emptyset, A, A \rangle$, $C = \neg\bot$; for $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle = \langle A, \emptyset, \emptyset, A \rangle$, $C = A$; for $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle = \langle \emptyset, A, A, \emptyset \rangle$, $C = \neg A$.


(2) The root inference is $\wedge$: right:

$$\dfrac{\Gamma \to \Delta, A \qquad \Gamma \to \Delta, B}{\Gamma \to \Delta, A \wedge B}$$

Assume the partition is

$$\langle \Gamma_1, (\Delta_1, A \wedge B), \Gamma_2, \Delta_2 \rangle;$$

the case

$$\langle \Gamma_1, \Delta_1, \Gamma_2, (\Delta_2, A \wedge B) \rangle$$

being similar. We have induced partitions $\langle \Gamma_1, (\Delta_1, A), \Gamma_2, \Delta_2 \rangle$ and $\langle \Gamma_1, (\Delta_1, B), \Gamma_2, \Delta_2 \rangle$. By the induction hypothesis, there are formulae $C_1$ and $C_2$ satisfying the conditions of the lemma. Since $\Gamma_1 \to \Delta_1, A, C_1$ and $\Gamma_1 \to \Delta_1, B, C_2$ are provable,

$$\Gamma_1 \to \Delta_1, A, C_1 \vee C_2 \quad\text{and}\quad \Gamma_1 \to \Delta_1, B, C_1 \vee C_2$$

are provable (using $\vee$: right), and

$$\Gamma_1 \to \Delta_1, A \wedge B, C_1 \vee C_2$$

is provable, by $\wedge$: right. Since $C_1, \Gamma_2 \to \Delta_2$ and $C_2, \Gamma_2 \to \Delta_2$ are provable,

$$C_1 \vee C_2, \Gamma_2 \to \Delta_2$$

is provable by $\vee$: left. Then, we can take $C_1 \vee C_2$ as an interpolant.

(3) The root inference is $\forall$: right:

$$\dfrac{\Gamma \to \Delta, A[y/x]}{\Gamma \to \Delta, \forall xA}$$

where $y$ does not occur free in the conclusion. Assume the partition is

$$\langle \Gamma_1, (\Delta_1, \forall xA), \Gamma_2, \Delta_2 \rangle;$$

the case

$$\langle \Gamma_1, \Delta_1, \Gamma_2, (\Delta_2, \forall xA) \rangle$$

being similar. By the induction hypothesis, there is an interpolant $C$ such that $\Gamma_1 \to \Delta_1, A[y/x], C$ and $C, \Gamma_2 \to \Delta_2$ are provable. By condition (ii) of the lemma, $C$ cannot contain $y$ free, since otherwise $y$ would occur free in $\Gamma_2 \cup \Delta_2$, contradicting the fact that $y$ does not occur free in $\Gamma \to \Delta, \forall xA$. Hence,

$$\Gamma_1 \to \Delta_1, \forall xA, C$$

is provable by $\forall$: right. Since by the induction hypothesis

$$C, \Gamma_2 \to \Delta_2$$

is provable, we can take $C$ as an interpolant.


(4) The root inference is $\forall$: left:

$$\dfrac{A[t/x], \Gamma \to \Delta}{\forall xA, \Gamma \to \Delta}$$

where $t$ is free for $x$ in $A$.


This case is more complicated if $t$ is not a variable. Indeed, one has to be careful to ensure condition (ii) of the lemma. Assume that the partition is $\langle (\forall xA, \Gamma_1), \Delta_1, \Gamma_2, \Delta_2 \rangle$, the case $\langle \Gamma_1, \Delta_1, (\forall xA, \Gamma_2), \Delta_2 \rangle$ being similar. By the induction hypothesis, there is a formula $C$ such that

$$A[t/x], \Gamma_1 \to \Delta_1, C \quad\text{and}\quad C, \Gamma_2 \to \Delta_2$$

are provable. First, note that $\forall xA, \Gamma_1 \to \Delta_1, C$ is provable by $\forall$: left. If $t$ is a variable $z$ and $z$ does not occur free in $(\forall xA, \Gamma_1) \cup \Delta_1$, then by $\forall$: right, $\forall xA, \Gamma_1 \to \Delta_1, \forall zC$ is provable, and so is $\forall zC, \Gamma_2 \to \Delta_2$, by $\forall$: left. Since $C$ contains only predicate symbols, constants and free variables occurring both in $(A[z/x], \Gamma_1) \cup \Delta_1$ and $\Gamma_2 \cup \Delta_2$, and $z$ is no longer free in $\forall zC$, the formula $\forall zC$ also satisfies condition (ii) of the lemma. If $z$ occurs free in $(\forall xA, \Gamma_1) \cup \Delta_1$, then $C$ can serve as an interpolant, since if it contains $z$, $z$ is both in $(\forall xA, \Gamma_1) \cup \Delta_1$ and also in $\Gamma_2 \cup \Delta_2$ by the induction hypothesis.

If $t$ is not a variable, we proceed as follows: Let $x_1, \ldots, x_k$ and $c_1, \ldots, c_m$ be the variables and the constants in $t$ which occur in $C$ but do not occur in $(\forall xA, \Gamma_1) \cup \Delta_1$. In the proof of $A[t/x], \Gamma_1 \to \Delta_1, C$, replace all occurrences of $x_1, \ldots, x_k$ and $c_1, \ldots, c_m$ in $t$ and $C$ by new variables $z_1, \ldots, z_{k+m}$ (not occurring in the proof). Let $t'$ be the result of the substitution in the term $t$, and $C'$ the result of the substitution in the formula $C$. By lemma 6.5.1, $A[t'/x], \Gamma_1 \to \Delta_1, C'$ is provable. But now, $z_1, \ldots, z_{k+m}$ do not occur free in $\forall xA, \Gamma_1 \to \Delta_1, \forall z_1 \ldots \forall z_{k+m}C'$, and so

$$\forall xA, \Gamma_1 \to \Delta_1, \forall z_1 \ldots \forall z_{k+m}C'$$

is provable (by applications of $\forall$: right and $\forall$: left). But

$$\forall z_1 \ldots \forall z_{k+m}C', \Gamma_2 \to \Delta_2$$

is also provable (by applications of $\forall$: left). Hence,

$$\forall z_1 \ldots \forall z_{k+m}C'$$

can be used as an interpolant, since it also satisfies condition (ii) of the lemma.


Note that the method used in lemma 6.5.2 does not guarantee that the function symbols occurring in $C$ also occur both in $\Gamma_1 \cup \Delta_1$ and $\Gamma_2 \cup \Delta_2$.


We are now ready to prove Craig’s interpolation theorem for LK. 


Theorem 6.5.1 (Craig's interpolation theorem, without equality) Let $L$ be a first-order language without equality and without $\equiv$. Let $A$ and $B$ be two $L$-formulae such that $A \supset B$ is $LK$-provable.


(a) If $A$ and $B$ contain some common predicate symbol, then there exists a formula $C$ called an interpolant of $A \supset B$, such that all predicate symbols, constant symbols, and free variables in $C$ occur in both $A$ and $B$, and both $A \supset C$ and $C \supset B$ are $LK$-provable.


(b) If $A$ and $B$ do not have any predicate symbol in common, either $A \to$ is $LK$-provable or $\to B$ is $LK$-provable.


Proof: Using the cut rule, it is obvious that $\to A \supset B$ is $LK$-provable iff $A \to B$ is. Consider the partition in which $\Gamma_1 = A$, $\Delta_1 = \emptyset$, $\Gamma_2 = \emptyset$ and $\Delta_2 = B$. By lemma 6.5.2, there is a formula $C$ of $LK_\bot$ such that $A \to C$ and $C \to B$ are $LK_\bot$-provable, and all predicate symbols, constant symbols, and free variables in $C$ occur in both $A$ and $B$. If $A$ and $B$ have some predicate symbol $P$ of rank $n$ in common, let $P'$ be the sentence

$$\forall y_1 \ldots \forall y_n(P(y_1, \ldots, y_n) \wedge \neg P(y_1, \ldots, y_n)),$$

where $y_1, \ldots, y_n$ are new variables. Let $C'$ be obtained by replacing all occurrences of $\bot$ in $C$ by $P'$. Since $P'$ is logically equivalent to $\bot$, it is not difficult to obtain $LK$-proofs of $A \to C'$ and of $C' \to B$. But then $\to A \supset C'$ and $\to C' \supset B$ are $LK$-provable, and the formula $C'$ is the desired interpolant.


If $A$ and $B$ have no predicate symbols in common, the formula $C$ given by lemma 6.5.2 only contains $\bot$ as an atom. It is easily shown by induction on the structure of $C$ that either $\to C$ is $LK_\bot$-provable or $C \to$ is $LK_\bot$-provable. But then, using the cut rule, we can show that either $A \to$ is $LK_\bot$-provable, or $\to B$ is $LK_\bot$-provable. However, since neither $A$ nor $B$ contains $\bot$ and the cut elimination theorem holds for $LK_\bot$, a cut-free proof in $LK_\bot$ for either $A \to$ or $\to B$ contains no occurrence of $\bot$ (by the subformula property) and is in fact an $LK$-proof.


EXAMPLE 6.5.1


Given the formula

$$(P(a) \wedge \forall xQ(x)) \supset (\forall yS(y) \vee Q(b)),$$

the formula $\forall xQ(x)$ is an interpolant.
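Lemma 6.5.2 is a construction, and the propositional cases of its proof (the axiom case and the two-premise rules) translate directly into code. The Python below is an added example, not code from the book: a cut-free proof is represented as a tree whose sequents carry the partition (each formula is tagged with side 1 or 2), `interpolant` computes the interpolant by recursion over the proof exactly as in cases (1) and (2) of the proof, and `check` verifies conditions (i) and (ii) of the lemma by truth table. The proof encoding and the three sample proofs are constructed for the example. It assumes the one-premise rules in the form where both auxiliary formulae appear in the premise (so they simply pass the interpolant through) and does not validate the proof tree itself. The third sample proof illustrates theorem 6.5.1 (b): with no predicate symbol in common, the interpolant comes out as $\neg\bot$ and $\to B$ is valid on its own.

```python
"""Interpolant extraction from a cut-free propositional LK_bot proof (lemma 6.5.2)."""
from itertools import product

# Constructed formula encoding (not the book's notation):
#   ('atom', 'P'), BOT, ('not', A), ('and', A, B), ('or', A, B)
BOT = ('bot',)
def atom(n): return ('atom', n)
def neg(a): return ('not', a)
def conj(a, b): return ('and', a, b)
def disj(a, b): return ('or', a, b)

def atoms(f):
    """Set of atom names in f (the constant bot contributes none)."""
    if f[0] == 'atom':
        return {f[1]}
    return set().union(*(atoms(g) for g in f[1:]))

def holds(f, v):
    op = f[0]
    if op == 'atom': return v[f[1]]
    if op == 'bot': return False
    if op == 'not': return not holds(f[1], v)
    if op == 'and': return holds(f[1], v) and holds(f[2], v)
    return holds(f[1], v) or holds(f[2], v)

def valid(left, right):
    """Truth-table check that the sequent left -> right is valid."""
    names = sorted(set().union(*(atoms(f) for f in left + right)))
    for bits in product([False, True], repeat=len(names)):
        v = dict(zip(names, bits))
        if all(holds(f, v) for f in left) and not any(holds(f, v) for f in right):
            return False
    return True

# A proof node is (rule, G, D, *premises) where G and D list the (formula, side)
# pairs of the conclusion, side 1 or 2 giving the partition <G1, D1, G2, D2>.
# Convention: the principal formula is the last entry of the side it belongs to
# (G for left rules, D for right rules); auxiliary formulae keep its side.
def interpolant(node):
    """Interpolant of the root partition, by induction on the proof (lemma 6.5.2)."""
    rule, G, D = node[0], node[1], node[2]
    if rule == 'ax':                         # axiom A -> A with sides (s, t): case (1)
        (a, s), (_, t) = G[0], D[0]
        return {(1, 1): BOT, (2, 2): neg(BOT), (1, 2): a, (2, 1): neg(a)}[(s, t)]
    if rule in ('and_r', 'or_l'):            # two-premise rules: case (2) and its dual
        side = (D if rule == 'and_r' else G)[-1][1]
        c1, c2 = interpolant(node[3]), interpolant(node[4])
        return disj(c1, c2) if side == 1 else conj(c1, c2)
    # and_l, or_r, not_l, not_r, weak_l, weak_r: the premise's interpolant is reused
    return interpolant(node[3])

def split(G, D):
    """The four components Gamma1, Delta1, Gamma2, Delta2 of the partition."""
    return ([f for f, s in G if s == 1], [f for f, s in D if s == 1],
            [f for f, s in G if s == 2], [f for f, s in D if s == 2])

def check(node):
    """Conditions (i) and (ii) of lemma 6.5.2 for the extracted interpolant."""
    c = interpolant(node)
    g1, d1, g2, d2 = split(node[1], node[2])
    vocab = lambda fs: set().union(*(atoms(f) for f in fs))
    return (valid(g1, d1 + [c]) and valid([c] + g2, d2)
            and atoms(c) <= vocab(g1 + d1) & vocab(g2 + d2))

P, Q, R, S = atom('P'), atom('Q'), atom('R'), atom('S')

# Proof 1: P and Q -> Q or R, left side 1, right side 2; interpolant Q.
AX_Q = ('ax', [(Q, 1)], [(Q, 2)])
PROOF1 = ('or_r', [(conj(P, Q), 1)], [(disj(Q, R), 2)],
          ('and_l', [(conj(P, Q), 1)], [(Q, 2)], AX_Q))

# Proof 2: P and Q -> (P or S) and (Q or S); and:right on side 2 combines the
# premise interpolants P and Q into P and Q.
LEFT = ('or_r', [(conj(P, Q), 1)], [(disj(P, S), 2)],
        ('and_l', [(conj(P, Q), 1)], [(P, 2)], ('ax', [(P, 1)], [(P, 2)])))
RIGHT = ('or_r', [(conj(P, Q), 1)], [(disj(Q, S), 2)],
         ('and_l', [(conj(P, Q), 1)], [(Q, 2)], AX_Q))
PROOF2 = ('and_r', [(conj(P, Q), 1)], [(conj(disj(P, S), disj(Q, S)), 2)], LEFT, RIGHT)

# Proof 3: P -> Q or not Q, no atom in common (theorem 6.5.1 (b)); interpolant not bot.
PROOF3 = ('weak_l', [(P, 1)], [(disj(Q, neg(Q)), 2)],
          ('or_r', [], [(disj(Q, neg(Q)), 2)],
           ('not_r', [], [(Q, 2), (neg(Q), 2)], ('ax', [(Q, 2)], [(Q, 2)]))))

if __name__ == '__main__':
    for proof in (PROOF1, PROOF2, PROOF3):
        print(interpolant(proof), check(proof))
```

Because the interpolant is read off the proof rather than searched for, the procedure is linear in the size of the proof; the truth-table `check` is only there to make the example self-verifying.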


6.5.3 Craig’s Interpolation Theorem With Equality 


We now consider Craig's interpolation theorem for first-order languages with equality. Because cuts cannot be completely eliminated in $LK_e$-proofs, the technique used in lemma 6.5.2 cannot be easily extended to the system $LK_e$. However, there is a way around, which is to show that a sequent $S = \Gamma \to \Delta$ is $LK_e$-provable if and only if the sequent $S_e, \Gamma \to \Delta$ is $LK$-provable, where $S_e$ is a certain sequence of closed formulae called the closed equality axioms for $\Gamma \to \Delta$.


Definition 6.5.1 Given a sequent $S = \Gamma \to \Delta$, the set of closed equality axioms for $S$ is the set $S_e$ of closed formulae given below, for all predicate and function symbols occurring in $S$:

$$\forall x(x = x)$$
$$\forall x_1 \ldots \forall x_n \forall y_1 \ldots \forall y_n(x_1 = y_1 \wedge \ldots \wedge x_n = y_n \supset f(x_1, \ldots, x_n) = f(y_1, \ldots, y_n))$$
$$\forall x_1 \ldots \forall x_n \forall y_1 \ldots \forall y_n(x_1 = y_1 \wedge \ldots \wedge x_n = y_n \wedge P(x_1, \ldots, x_n) \supset P(y_1, \ldots, y_n))$$


Lemma 6.5.3 A sequent $S = \Gamma \to \Delta$ is $LK_e$-provable iff $S_e, \Gamma \to \Delta$ is $LK$-provable.


Proof: We sketch the proof, leaving the details as an exercise. First, we show that if $S$ is $LK_e$-provable then $S_e, \Gamma \to \Delta$ is $LK$-provable. For this, we prove that for every equality axiom $\Gamma' \to \Delta'$ of $LK_e$ used in the proof of $S$, the sequent $S_e, \Gamma' \to \Delta'$ is $LK$-provable. We conclude by induction on $LK_e$-proof trees.

Next, assume that $S_e, \Gamma \to \Delta$ is $LK$-provable. First, we show that every formula in $S_e$ is $LK_e$-provable. We conclude by constructing an $LK_e$-proof of $\Gamma \to \Delta$ using cuts on formulae in $S_e$.


We can now generalize lemma 6.5.2 to $LK_e$ as follows. Let $LK_{e,\bot}$ be the system obtained by allowing $\bot$ as a constant and the sequent $\bot \to$ as an axiom.


Lemma 6.5.4 Let $L$ be a first-order language with equality and with constant $\bot$, but without $\equiv$. Given any $LK_e$-provable sequent $\Gamma \to \Delta$, let $(\Gamma_1, \Gamma_2)$ and $(\Delta_1, \Delta_2)$ be pairs of disjoint subsequences of $\Gamma$ and $\Delta$ respectively, such that the union of $\Gamma_1$ and $\Gamma_2$ is $\Gamma$, and the union of $\Delta_1$ and $\Delta_2$ is $\Delta$. $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle$ is called a partition of $\Gamma \to \Delta$. There is a formula $C$ of $LK_e$, called an interpolant of $\langle \Gamma_1, \Delta_1, \Gamma_2, \Delta_2 \rangle$, having the following properties:


(i) $\Gamma_1 \to \Delta_1, C$ and $C, \Gamma_2 \to \Delta_2$ are $LK_e$-provable.


(ii) All predicate symbols (except for $=$), constant symbols, and variables free in $C$ occur both in $\Gamma_1 \cup \Delta_1$ and $\Gamma_2 \cup \Delta_2$.


Proof: By lemma 6.5.3, $S = \Gamma \to \Delta$ is $LK_e$-provable iff $S_e, \Gamma \to \Delta$ is $LK$-provable. Let $S_e^1$ be the closed equality axioms corresponding to function and predicate symbols in $\Gamma_1 \cup \Delta_1$, and $S_e^2$ the closed equality axioms corresponding to function and predicate symbols in $\Gamma_2 \cup \Delta_2$. Clearly, $S_e = S_e^1 \cup S_e^2$. Consider the partition $\langle (S_e^1, \Gamma_1), \Delta_1, (S_e^2, \Gamma_2), \Delta_2 \rangle$. By lemma 6.5.2, there is a formula $C$ such that

$$S_e^1, \Gamma_1 \to \Delta_1, C \quad\text{and}\quad C, S_e^2, \Gamma_2 \to \Delta_2$$

are $LK_\bot$-provable, and the predicate symbols, constant symbols and free variables in $C$ occur both in $S_e^1 \cup \Gamma_1 \cup \Delta_1$ and $S_e^2 \cup \Gamma_2 \cup \Delta_2$. By definition of $S_e^1$ and $S_e^2$, the predicate symbols (other than $=$) in $S_e^1$ are those in $\Gamma_1 \cup \Delta_1$, and similarly for $S_e^2$ and $\Gamma_2 \cup \Delta_2$. Furthermore, all formulae in $S_e^1$ and $S_e^2$ being closed, there are no free variables occurring in them. Hence, the predicate symbols (other than $=$), constants and free variables in $C$ occur both in $\Gamma_1 \cup \Delta_1$ and $\Gamma_2 \cup \Delta_2$. Using lemma 6.5.3 again, $\Gamma_1 \to \Delta_1, C$ and $C, \Gamma_2 \to \Delta_2$ are $LK_{e,\bot}$-provable. Now, we can replace all occurrences of $\bot$ in $C$ by $\neg\forall z(z = z)$, where $z$ is a new variable, obtaining a formula $C'$, and since $\bot$ is logically equivalent to $\neg\forall z(z = z)$, it is easy to obtain $LK_e$-proofs for $\Gamma_1 \to \Delta_1, C'$ and $C', \Gamma_2 \to \Delta_2$. Taking $C'$ as the interpolant, this concludes the proof of the lemma.


Using lemma 6.5.4, Craig’s interpolation theorem is generalized to lan- 
guages with equality. 


Theorem 6.5.2 (Craig's interpolation theorem, with equality) Let $L$ be a first-order language with equality and without $\equiv$. Let $A$ and $B$ be two $L$-formulae such that $A \supset B$ is $LK_e$-provable. Then there exists a formula $C$ called an interpolant of $A \supset B$, such that all predicate symbols except $=$, constant symbols, and free variables in $C$ occur in both $A$ and $B$, and both $A \supset C$ and $C \supset B$ are $LK_e$-provable.


Proof: As in theorem 6.5.1, $\to A \supset B$ is $LK_e$-provable iff $A \to B$ is $LK_e$-provable. We apply lemma 6.5.4 to the partition in which $\Gamma_1 = A$, $\Delta_1 = \emptyset$, $\Gamma_2 = \emptyset$ and $\Delta_2 = B$. This time, because $=$ is available (so that $\bot$ can be expressed as $\neg\forall z(z = z)$ without a predicate symbol common to $A$ and $B$), the result is obtained immediately from lemma 6.5.4, and there is no analogue of case (b) of theorem 6.5.1.


Remark: As in theorem 6.5.1, our proof does not guarantee that the function symbols occurring in the interpolant also occur in both $A$ and $B$. However, this can be achieved using a different proof technique presented in problem 5.6.7, which consists in replacing function symbols by predicate symbols. Hence, in the case of a first-order language with equality, we obtain a stronger version of Craig's interpolation theorem, in which all predicate symbols (different from $=$), function symbols, constant symbols, and free variables occurring in the interpolant $C$ of $A \supset B$ occur in both $A$ and $B$.


In the next section, we give two applications of Craig’s interpolation 
theorem. 


PROBLEMS 


6.5.1. Finish the proof of lemma 6.5.1. 
6.5.2. Finish the proof of lemma 6.5.2. 


6.5.3. Give a proof for lemma 6.5.3. 


6.5.4. Verify that the cut elimination theorem holds for LK_⊥ and for LK_{e,⊥}
(without essential cuts).


6.5.5. Provide the details in the proof of theorem 6.5.1 regarding the
replacement of ⊥ by ∀y1...∀yn(P(y1, ..., yn) ∧ ¬P(y1, ..., yn)).


6.5.6. Show that ∀x¬P(x) ∨ Q(b) is an interpolant for


[(R ⊃ ∃xP(x)) ⊃ Q(b)] ⊃ ∀x((S ∧ P(x)) ⊃ (S ∧ Q(b))).


6.5.7. Using the proof technique presented in problem 5.6.7, which con- 
sists in replacing function symbols by predicate symbols, prove the 
stronger version of Craig’s interpolation theorem, in which all predi- 
cate symbols (different from =), function symbols, constant symbols, 
and free variables occurring in the interpolant C of A ⊃ B occur in
both A and B. 
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6.6 Beth’s Definability Theorem 


First, we consider what definability means. 


6.6.1 Implicit and Explicit Definability 


Let L be a first-order language with or without equality. Let A1, ..., Am be
closed formulae containing exactly the distinct predicate symbols P1, ..., Pk, Q,
where Q is not =, but some of the Pi can be =. Assume that Q has rank
n > 0. We can view A1, ..., Am as the axioms of a theory. The question of
interest is whether Q is definable in terms of P1, ..., Pk. First, we need to
make precise what definable means. Let A(P1, ..., Pk, Q) be the conjunction
A1 ∧ ... ∧ Am.


A first plausible criterion for definability is that, for any two L-structures
A and B with the same domain M, and which assign the same interpretation
to the predicate symbols P1, ..., Pk,
if A ⊨ A(P1, ..., Pk, Q) and B ⊨ A(P1, ..., Pk, Q),
then for every (a1, ..., an) ∈ M^n,
A ⊨ Q(a1, ..., an) iff B ⊨ Q(a1, ..., an).


The idea is that given any two interpretations of the predicate symbol
Q, if these two interpretations make A(P1, ..., Pk, Q) true then they must agree
on Q. This is what is called implicit definability.


A seemingly stronger criterion for definability is the following: 


Definition 6.6.1 Assume that there is an L-formula D(P1, ..., Pk) whose
set of free variables is a subset of {x1, ..., xn} and whose predicate symbols
are among P1, ..., Pk, and which contains at least one of the Pi. We say that
Q is defined explicitly from P1, ..., Pk in the theory based on A1, ..., Am iff the
following is provable (or equivalently valid, by the completeness theorem):


A(P1, ..., Pk, Q) ⊃ ∀x1...∀xn(Q(x1, ..., xn) ≡ D(P1, ..., Pk)),
where A(P1, ..., Pk, Q) is the conjunction A1 ∧ ... ∧ Am.


We can modify the definition of implicit definability so that it refers to 
a single structure as opposed to a pair of structures, by using a new copy Q’ 
of the predicate symbol Q, explained as follows. 


Definition 6.6.2 Let P1, ..., Pk, Q, Q' be distinct predicate symbols, and
let A(P1, ..., Pk, Q') be the result of substituting Q' for Q in A(P1, ..., Pk, Q).
We say that Q is defined implicitly from P1, ..., Pk in the theory based on
A1, ..., Am iff the following formula is valid (or equivalently provable):


A(P1, ..., Pk, Q) ∧ A(P1, ..., Pk, Q') ⊃
∀x1...∀xn(Q(x1, ..., xn) ≡ Q'(x1, ..., xn)),
where A(P1, ..., Pk, Q) is the conjunction A1 ∧ ... ∧ Am.


EXAMPLE 6.6.1 


Let L be the language with equality having 0 as a constant, S as a
unary function symbol, + as a binary function symbol, and < as a binary
predicate symbol. Let A(=, <) be the conjunction of the following closed
formulae:


∀x¬(S(x) = 0)
∀x∀y(S(x) = S(y) ⊃ x = y)


∀x(x + 0 = x)
∀x∀y(x + S(y) = S(x + y))
∀x(0 < S(x))


The predicate symbol < is not definable implicitly from = and A(=, <).
Indeed, we can define two structures A and B with domain N, in which
0, S and + receive the same natural interpretation, but in the first
structure, < is interpreted as the strict order on N, whereas in the
second, we interpret < as the predicate such that for all x, y ∈ N, x < y
iff x = 0. Both A and B are models of A(=, <), but < is interpreted
differently.


On the other hand, if we add to A(=, <) the sentence


∀x∀y(x < y ≡ ∃z(y = x + S(z))),


then D = ∃z(y = x + S(z)) defines < explicitly.


6.6.2 Explicit Definability Implies Implicit Definability 


It is natural to ask whether the concepts of implicit and explicit definability
are related. First, it is not difficult to see that explicit definability implies
implicit definability. Indeed, we show that if


A(P1, ..., Pk, Q) ⊃ ∀x1...∀xn(Q(x1, ..., xn) ≡ D(P1, ..., Pk))


is valid, then A(P1, ..., Pk, Q) defines Q implicitly. For if A(P1, ..., Pk, Q) ∧
A(P1, ..., Pk, Q') is valid in any model A, then


∀x1...∀xn(Q(x1, ..., xn) ≡ D(P1, ..., Pk)) and
∀x1...∀xn(Q'(x1, ..., xn) ≡ D(P1, ..., Pk))


are valid in A, and this implies that


∀x1...∀xn(Q(x1, ..., xn) ≡ Q'(x1, ..., xn))
is valid in A.


The fact that explicit definability implies implicit definability yields a
method known as Padoa’s method, to show that a predicate Q is not definable
explicitly from P1, ..., Pk in the theory based on A1, ..., Am:


Find two structures with the same domain and assigning the same
interpretation to the predicate symbols P1, ..., Pk, but assigning different
interpretations to Q.


However, it is not as obvious that implicit definability implies explicit
definability. But this is the case, as shown by Beth’s theorem. The proof
given below, which uses Craig’s interpolation theorem, even gives the defining
formula D(P1, ..., Pk) constructively.


6.6.3 Beth’s Definability Theorem, Without Equality


First, we consider the case of a first-order language without equality. 


Theorem 6.6.1 (Beth’s definability theorem, without equality) Let L be a
first-order language without equality. Let A(P1, ..., Pk, Q) be a closed formula
containing predicate symbols among the distinct predicate symbols P1, ..., Pk,
Q, where Q has rank n > 0. Assume that Q is defined implicitly from P1, ..., Pk
by the sentence A(P1, ..., Pk, Q).


(a) If one of the predicate symbols Pi actually occurs in A(P1, ..., Pk, Q),
then there is a formula D(P1, ..., Pk) defining Q explicitly from P1, ..., Pk.


(b) If none of the predicate symbols P1, ..., Pk occur in A(P1, ..., Pk, Q),
then either


A(P1, ..., Pk, Q) ⊃ ∀x1...∀xnQ(x1, ..., xn) or
A(P1, ..., Pk, Q) ⊃ ∀x1...∀xn¬Q(x1, ..., xn).


Proof: Assume that


A(P1, ..., Pk, Q) ∧ A(P1, ..., Pk, Q') ⊃
∀x1...∀xn(Q(x1, ..., xn) ≡ Q'(x1, ..., xn))


is valid. Since A(P1, ..., Pk, Q) and A(P1, ..., Pk, Q') are closed,
A(P1, ..., Pk, Q) ∧ A(P1, ..., Pk, Q') ⊃ (Q(x1, ..., xn) ≡ Q'(x1, ..., xn))
is also valid. This formula is of the form (A ∧ B) ⊃ (C ≡ D). It is an easy
exercise to show that if (A ∧ B) ⊃ (C ≡ D) is valid, then (A ∧ C) ⊃ (B ⊃ D)
is also valid. Hence,


(1) (A(P1, ..., Pk, Q) ∧ Q(x1, ..., xn)) ⊃ (A(P1, ..., Pk, Q') ⊃ Q'(x1, ..., xn))
is valid.


(a) If some predicate symbol Pi occurs in A(P1, ..., Pk, Q), by
Craig’s theorem (theorem 6.5.1) applied to (1), there is a formula C containing
only predicate symbols, constant symbols, and free variables occurring in both
A(P1, ..., Pk, Q) ∧ Q(x1, ..., xn) and A(P1, ..., Pk, Q') ⊃ Q'(x1, ..., xn), and such
that the following are valid:


(2) (A(P1, ..., Pk, Q) ∧ Q(x1, ..., xn)) ⊃ C,
and
(3) C ⊃ (A(P1, ..., Pk, Q') ⊃ Q'(x1, ..., xn)).


Since A(P1, ..., Pk, Q) ∧ Q(x1, ..., xn) does not contain Q' and A(P1, ..., Pk, Q')
⊃ Q'(x1, ..., xn) does not contain Q, the formula C only contains predicate
symbols among P1, ..., Pk, and free variables among x1, ..., xn.


By substituting Q for Q' in (3), we also have the valid formula
(4) C ⊃ (A(P1, ..., Pk, Q) ⊃ Q(x1, ..., xn)),
which implies the valid formula
(5) A(P1, ..., Pk, Q) ⊃ (C ⊃ Q(x1, ..., xn)).
But (2) implies the validity of
(6) A(P1, ..., Pk, Q) ⊃ (Q(x1, ..., xn) ⊃ C).
The validity of (5) and (6) implies that
A(P1, ..., Pk, Q) ⊃ (C ≡ Q(x1, ..., xn))


is valid, which in turn implies that C defines Q explicitly from P1, ..., Pk.


(b) If none of P1, ..., Pk occurs in A(P1, ..., Pk, Q), then by Craig’s
theorem (theorem 6.5.1), part (ii), either


(7) ¬(A(P1, ..., Pk, Q) ∧ Q(x1, ..., xn))
is valid, or

(8) A(P1, ..., Pk, Q') ⊃ Q'(x1, ..., xn)
is valid.


Using propositional logic, either


A(P1, ..., Pk, Q) ⊃ ¬Q(x1, ..., xn)
is valid, or
A(P1, ..., Pk, Q) ⊃ Q(x1, ..., xn)


is valid, which implies part (b) of the theorem.


6.6.4 Beth’s Definability Theorem, With Equality 


We now consider Beth’s definability theorem for a first-order language with 
equality. This time, we can define either a predicate symbol, or a function 
symbol, or a constant. 


Theorem 6.6.2 (Beth’s definability theorem, with equality) Let L be a
first-order language with equality.


(a) Let A(P1, ..., Pk, Q) be a closed formula possibly containing
equality and containing predicate symbols among the distinct predicate symbols
P1, ..., Pk, Q (different from =), where Q has rank n > 0. Assume that Q is
defined implicitly from P1, ..., Pk by the sentence A(P1, ..., Pk, Q). Then there
is a formula D(P1, ..., Pk) defining Q explicitly from P1, ..., Pk.


(b) Let A(P1, ..., Pk, f) be a closed formula possibly containing
equality, and containing predicate symbols among the distinct predicate symbols
P1, ..., Pk (different from =), and containing the function or constant
symbol f of rank n ≥ 0. Assume that f is defined implicitly from P1, ..., Pk by
the sentence A(P1, ..., Pk, f), which means that the following formula is valid,
where f' is a new copy of f:


A(P1, ..., Pk, f) ∧ A(P1, ..., Pk, f') ⊃ ∀x1...∀xn(f(x1, ..., xn) = f'(x1, ..., xn)).
Then there is a formula D(P1, ..., Pk) whose set of free variables is among


x1, ..., xn, y and not containing f (or f') defining f explicitly, in the sense that
the following formula is valid:


A(P1, ..., Pk, f) ⊃ ∀x1...∀xn∀y((f(x1, ..., xn) = y) ≡ D(P1, ..., Pk)).


Proof: The proof of (a) is similar to that of theorem 6.6.1(a), but using
theorem 6.5.2, which yields D(P1, ..., Pk) in all cases.


To prove (b), observe that f(x1, ..., xn) = f'(x1, ..., xn) is equivalent to
∀y((f(x1, ..., xn) = y) ≡ (f'(x1, ..., xn) = y)).


We conclude by applying the reasoning used in part (a) with f(x1, ..., xn) = y
instead of Q(x1, ..., xn).


The last application of Craig’s interpolation theorem presented in the 
next section is Robinson’s joint consistency theorem. 
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PROBLEMS 


6.6.1. Show that in definition 6.6.2, the definability condition can be relaxed
to


A(P1, ..., Pk, Q) ∧ A(P1, ..., Pk, Q') ⊃
∀x1...∀xn(Q(x1, ..., xn) ⊃ Q'(x1, ..., xn)).


6.6.2. Give the details of the proof that explicit definability implies implicit 
definability. 


6.7 Robinson’s Joint Consistency Theorem 


Let L be a first-order language with or without equality, and let L1 and L2
be two expansions of L such that L = L1 ∩ L2. Also, let S1 be a set of
L1-sentences, S2 a set of L2-sentences, and let S = S1 ∩ S2. If S1 and S2 are
both consistent, their union S1 ∪ S2 is not necessarily consistent. Indeed, if
S is incomplete, that is, there is some L-sentence C such that neither S → C
nor S → ¬C is provable, S1 could contain C and S2 could contain ¬C, and
S1 ∪ S2 would be inconsistent. A concrete illustration of this phenomenon
can be given using Gödel’s incompleteness theorem for Peano’s arithmetic,
which states that there is a sentence C of the language of arithmetic such
that neither A_P → C nor A_P → ¬C is provable, where A_P consists of the
axioms of Peano’s arithmetic (see example 5.6.3). (For a treatment of Gödel’s
incompleteness theorems, see Enderton, 1972; Kleene, 1952; Shoenfield, 1967;
or Monk, 1976.) Since Peano’s arithmetic is incomplete, {A_P, C} and
{A_P, ¬C} are both consistent, but their union is inconsistent.


A. Robinson’s theorem shows that inconsistency does not arise if S is 
complete. Actually, one has to be a little careful about the presence in the 
language of function symbols or of the equality predicate =. 


Theorem 6.7.1 (Robinson’s joint consistency theorem) Let L be a
first-order language either without function symbols and without equality, or with
equality (and possibly function symbols). Let L1 and L2 be two expansions
of L such that L = L1 ∩ L2. Let S1 be a set of L1-sentences, S2 a set of L2-
sentences, and let S = S1 ∩ S2. If S1 and S2 are consistent and S is complete,
that is, for every closed L-formula C, either ⊢ S → C, or ⊢ S → ¬C, then
the union S1 ∪ S2 of S1 and S2 is consistent.


Proof: Assume that S1 ∪ S2 is inconsistent. Then ⊢ S1 ∪ S2 → . By the
completeness theorem (theorem 5.6.1), there is a finite subsequent of S1 ∪ S2 →
that is provable. Let A1, ..., Am, B1, ..., Bn → be such a sequent, where
A1, ..., Am ∈ S1, and B1, ..., Bn ∈ S2. It is immediate that


⊢ (A1 ∧ ... ∧ Am) ⊃ ¬(B1 ∧ ... ∧ Bn).
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We apply Craig’s interpolation theorem (theorem 6.5.1) to this formula. 


First, we consider the case where L does not contain function symbols
and does not contain equality. Then, if A1 ∧ ... ∧ Am and ¬(B1 ∧ ... ∧ Bn) do
not have any predicate symbol in common, either


⊢ ¬(A1 ∧ ... ∧ Am), or
⊢ ¬(B1 ∧ ... ∧ Bn).


In the first case, the consistency of S1 is contradicted; in the second case, the
consistency of S2 is contradicted.


If (A1 ∧ ... ∧ Am) and ¬(B1 ∧ ... ∧ Bn) have some predicate in common,
then there is a formula C such that


(1) ⊢ (A1 ∧ ... ∧ Am) ⊃ C,
and
(2) ⊢ C ⊃ ¬(B1 ∧ ... ∧ Bn),


and the predicate symbols, constant symbols and variables free in C are both
in A1 ∧ ... ∧ Am and ¬(B1 ∧ ... ∧ Bn). Since these formulae are closed, C is
also a closed formula, and since L = L1 ∩ L2, C is a closed L-formula. Since
S is complete, either ⊢ S → C or ⊢ S → ¬C. In the first case, by (2)


⊢ S → ¬(B1 ∧ ... ∧ Bn),
contradicting the consistency of S2. In the second case, by (1)
⊢ S → ¬(A1 ∧ ... ∧ Am),


contradicting the consistency of S1.


If L is a language with equality, we need the strong form of Craig’s
interpolation theorem mentioned as a remark after theorem 6.5.2, which states
that all predicate, function and constant symbols occurring in an
interpolant C of A ⊃ B occur in both A and B. The rest of the proof is as above.


Another slightly more general version of Robinson’s joint consistency 
theorem is given in problem 6.7.1. 


PROBLEMS 


6.7.1. Prove the following version of Robinson’s joint consistency theorem:
Let L be a first-order language either without function symbols and
without equality, or with equality (and possibly function symbols).
Let L1 and L2 be two expansions of L such that L = L1 ∩ L2. Let
S1 be a set of L1-sentences, and let S2 be a set of L2-sentences. Assume
that S1 and S2 are consistent. Then the union S1 ∪ S2 of S1 and S2
is consistent iff for every closed L-formula C, either S1 → C is not
provable, or S2 → ¬C is not provable.


6.7.2. Prove that the version of Robinson’s joint consistency theorem given 
in problem 6.7.1 implies Craig’s interpolation theorem. 


Hint: Let A ⊃ B be a provable formula. Let S1 = {C | ⊢ A ⊃ C},
and S2 = {C | ⊢ ¬B ⊃ C}. Then S1 ∪ S2 is inconsistent.


Notes and Suggestions for Further Reading 


Gentzen’s cut elimination theorem is one of the jewels of proof theory. Orig- 
inally, Gentzen’s motivation was to provide constructive consistency proofs, 
and the cut elimination theorem is one of the main tools. 


Gentzen’s original proof can be found in Szabo, 1969, and other proofs 
are in Kleene, 1952, and Takeuti, 1975. A very elegant proof can also be found 
in Smullyan, 1968. The proof given in Section 6.4 is inspired by Schwichten- 
berg and Tait (Barwise, 1977, Tait, 1968). 


Craig himself used Gentzen systems for proving his interpolation theo- 
rem. We have followed a method due to Maehara sketched in Takeuti, 1975, 
similar to the method used in Kleene, 1967. There are model-theoretic proofs 
of Craig’s theorem, Beth’s definability theorem, and Robinson’s joint consis- 
tency theorem. The reader is referred to Chang and Keisler, 1973, or Shoen- 
field, 1967. 


The reader interested in proof theory should also read the article by 
Schwichtenberg in Barwise, 1977. For an interesting analysis of analytic versus 
nonanalytic proofs, the reader is referred to the article by Frank Pfenning, in 
Shostak, 1984a. 


Chapter 7 


Gentzen’s Sharpened 
Hauptsatz; Herbrand’s 
Theorem 


7.1 Introduction 


We have mentioned in Chapter 6 that the cut elimination theorem shows the 
existence of normal forms for proofs, namely the fact that every LK-proof can 
be transformed to a cut-free proof (or a proof without essential cuts in LK_e). 


In this chapter we shall use Gentzen’s cut elimination theorem (also 
called Gentzen’s Hauptsatz) to prove a version of Herbrand’s theorem for 
LK and LK_e. A derivation of Herbrand’s theorem from the cut elimination 
theorem has the advantage that it yields a constructive version of the result, 
in the spirit of Herbrand’s original version (Herbrand, 1971). The proof given 
in this chapter using Gentzen’s Hauptsatz is inspired from a method sketched 
in Kleene, 1967. 


Herbrand’s theorem is perhaps the most fundamental result of first- 
order logic because it shows how the provability of a formula of first-order 
logic reduces to the provability of a quantifier-free formula (obtained from the 
original formula by substitutions). 


Before proceeding any further, we wish to emphasize that Herbrand’s 
original theorem is concerned with provability, a proof-theoretic concept, and 
not validity, a semantic concept. 


This is an important point because another theorem, known as the Skolem-
Herbrand-Gödel theorem, is often improperly referred to as Herbrand’s
theorem in the literature, thus causing a confusion. The Skolem-Herbrand-Gödel
theorem is similar in form to Herbrand’s theorem but deals with
unsatisfiability (or validity), a semantic concept.


The reason for the confusion is probably that, by Gödel’s completeness 
theorem, validity can be equated to provability. Hence, Herbrand’s original 
theorem can also be stated for unsatisfiability (or validity). 


However, Herbrand’s original theorem is a deeper result, whose proof 
is significantly harder than the Skolem-Herbrand-Gödel theorem, and
Herbrand’s theorem also yields more information than the latter. More on this
subject will be said at the end of Sections 7.5 and 7.6. For an illuminating 
discussion, the reader should consult Goldfarb’s introduction to Herbrand, 
1971. 


In this chapter, we shall give in Section 7.5 a version of Herbrand’s 
original theorem for prenex formulae, and in Section 7.6 a version of the 
Skolem-Herbrand-Gödel theorem for formulae in NNF (actually, half of this 
theorem is more like Herbrand’s original theorem). 


The Skolem-Herbrand-Godel theorem can be viewed as the theoretical 
basis of most theorem proving methods, in particular the resolution method, 
one of the best known techniques in automatic theorem proving. In fact, 
the completeness of the resolution method will be shown in Chapter 8 by 
combining the Skolem-Herbrand-Gödel theorem and theorem 4.3.2. 


A constructive version of Herbrand’s theorem can be obtained relatively 
easily from Gentzen’s sharpened Hauptsatz, which is obtained by analyzing 
carefully cut-free proofs of formulae of a special type. 


Gentzen’s sharpened Hauptsatz shows that provided the formulae in 
the bottom sequent have a certain form, a proof can be reorganized to yield 
another proof in normal form such that all the quantifier inferences appear 
below all the propositional inferences. The main obstacle to the permutation 
of inferences is the possibility of having a quantifier rule applied to the side 
formula arising from a propositional rule as illustrated below: 


EXAMPLE 7.1.1

                           Q(f(g(a))) → Q(f(g(a)))
P(a) → Q(f(g(a)))          ∀xQ(f(x)) → Q(f(g(a)))
          P(a) ∨ ∀xQ(f(x)) → Q(f(g(a)))


The obvious solution that consists in permuting the ∀:left rule and
the ∨:left rule does not work since a quantifier rule is not allowed to
apply to a subformula like ∀xQ(f(x)) in P(a) ∨ ∀xQ(f(x)).


There are at least two ways of resolving this difficulty: 
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(1) Impose restrictions on formulae so that a quantifier inference cannot 
be applied to the side formula of a propositional inference. 


(2) Allow more general quantifier rules applying to subformulae. 


The standard approach has been to enforce (1) by requiring the formulae 
to be prenex formulae. A prenex formula is a formula consisting of a (possibly 
empty) string of quantified variables followed by a quantifier-free formula, and 
it is easily seen that (1) holds. 


The second approach is perhaps not as well known, but is possible. 
Smullyan has given quantifier rules (page 122 in Chapter 14 of Smullyan, 1968) 
that allow the permutation process to be performed for unrestricted formulae, 
and a general version of the extended Hauptsatz is also given (theorem 2, page 
123). These rules are binary branching and do not seem very convenient in 
practice. We will not pursue this method here and refer the interested reader 
to Smullyan, 1968. 


We have also discovered that Andrews’s version of the Skolem-Herbrand-
Gödel theorem (Andrews, 1981) suggests quantifier rules such that (2) holds
for formulae in negation normal form. Such rules are quite simple, and since
there is a refutation method based on Andrews’s version of the Skolem-Herbrand-
Gödel theorem (the method of matings), we shall give a proof of the extended
Hauptsatz for such a system. Since every formula is equivalent to a prenex
formula and to a formula in negation normal form, there is no loss of
generality in restricting our attention to such normal forms. In this chapter, it
is assumed that no variable occurs both free and bound in any sequent (or
formula).


7.2 Prenex Normal Form 

First, we define the concept of a prenex formula. 

Definition 7.2.1 (Prenex form) A formula is a prenex formula (or in prenex
form) iff either it contains no quantifiers, or it is of the form Q1x1...QnxnB,


where B is a formula with no quantifiers (quantifier-free), x1, ..., xn are (not
necessarily distinct) variables, and Qi ∈ {∀, ∃}, for i = 1, ..., n.


In order to show that every formula is equivalent to a prenex formula, 
the following lemma will be used. 


Lemma 7.2.1 The following formulae are valid:
(a) ∀x(A ⊃ B) ≡ (∃xA ⊃ B)
∃x(A ⊃ B) ≡ (∀xA ⊃ B)
where x does not occur free in B.

∀x(A ⊃ B) ≡ (A ⊃ ∀xB)
∃x(A ⊃ B) ≡ (A ⊃ ∃xB)


where x does not occur free in A.


(b) ¬∀xA ≡ ∃x¬A
¬∃xA ≡ ∀x¬A
(c) (∀xA ∨ B) ≡ ∀x(A ∨ B)
(∀xA ∧ B) ≡ ∀x(A ∧ B)
(∃xA ∨ B) ≡ ∃x(A ∨ B)
(∃xA ∧ B) ≡ ∃x(A ∧ B)


where x does not occur free in B.


(d) ∀x(A ∧ B) ≡ ∀xA ∧ ∀xB
∃x(A ∨ B) ≡ ∃xA ∨ ∃xB
(e) ∀xA ≡ ∀yA[y/x]
∃xA ≡ ∃yA[y/x]


where y is free for x in A, and y does not occur free in A unless y = x


(y ∉ FV(A) − {x}).


Proof: Some of these equivalences have already been shown. We prove 
two new cases, leaving the others as an exercise. A convenient method is to 
construct a proof tree (in G). 


We give proofs for (∀xA ∧ B) ≡ ∀x(A ∧ B) and (∀xA ∨ B) ≡ ∀x(A ∨ B),
where x is not free in B. As usual, to prove X ≡ Y, we prove X ⊃ Y and
Y ⊃ X.


(i) Proof of (∀xA ∧ B) ⊃ ∀x(A ∧ B):


A[y/x], B → A[y/x]     A[y/x], B → B
      A[y/x], B → (A[y/x] ∧ B)
      ∀xA, B → (A ∧ B)[y/x]          for a new variable y
      ∀xA, B → ∀x(A ∧ B)
      (∀xA ∧ B) → ∀x(A ∧ B)
      → (∀xA ∧ B) ⊃ ∀x(A ∧ B)


We have used the fact that since x is not free in B, B[y/x] = B.


(ii) Proof of ∀x(A ∧ B) ⊃ (∀xA ∧ B):


A[y/x], B → A[y/x]
A[y/x] ∧ B → A[y/x]          A[y/x], B → B
∀x(A ∧ B) → A[y/x]           A[y/x] ∧ B → B
∀x(A ∧ B) → ∀xA              ∀x(A ∧ B) → B
          → ∀x(A ∧ B) ⊃ (∀xA ∧ B)


Again, y is a new variable and we used the fact that B[y/x] = B.
(iii) Proof of (∀xA ∨ B) ⊃ ∀x(A ∨ B):


A[y/x] → A[y/x], B
∀xA → A[y/x], B          B → A[y/x], B
      (∀xA ∨ B) → A[y/x], B
      (∀xA ∨ B) → A[y/x] ∨ B
      (∀xA ∨ B) → ∀x(A ∨ B)
      → (∀xA ∨ B) ⊃ ∀x(A ∨ B)


As in (ii), y is a new variable and we used the fact that B[y/x] = B.
(iv) Proof of ∀x(A ∨ B) ⊃ (∀xA ∨ B):


A[y/x] → A[y/x], B     B → A[y/x], B
      A[y/x] ∨ B → A[y/x], B
      ∀x(A ∨ B) → A[y/x], B
      ∀x(A ∨ B) → ∀xA, B
      ∀x(A ∨ B) → (∀xA ∨ B)
      → ∀x(A ∨ B) ⊃ (∀xA ∨ B)


As in (iii), y is a new variable and we used the fact that B[y/x] = B.


Theorem 7.2.1 For every formula A, a prenex formula B can be con- 
structed such that A = B is valid (A and B are equivalent). 


Proof: To simplify the proof, we will assume that Q1x1...QnxnB denotes 
the quantifier-free formula B when n = 0. The proof proceeds using the 
induction principle applied to A. The base case is trivial since an atomic 
formula is quantifier free. The induction step requires six cases. We cover 
three of these cases, leaving the others as exercises. 
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(i) A = (BV C). By the induction hypothesis, B is equivalent to 
a prenex formula Q121...Qm2%mB’ and C is equivalent to a prenex formula 
Ryy1..-RnynC", where B’ and C’ are quantifier free and Q;, R; € {V, i}. By 
lemma 7.2.1(e), it can be assumed that the sets of variables {21,...,%m} and 
{y1,.--, Yn} are disjoint and that both sets are also disjoint from the union 
of the sets FV(B’) and FV(C’") of free variables in B’ and C’ (by renaming 
with new variables). Using lemma 7.2.1(c) (several times), we get the prenex 
formula 


Q121--QmtmRiyr.--RnYyn(B’ V Co"), 
which, by lemma 5.3.7 is equivalent to A. 


(ii) A = —B. By the induction hypothesis, B is equivalent to a prenex 
formula Q171...Qm2%mB’ where B’ is quantifier free. For each Q;, let 


Using lemma 7.2.1(b) (several times), by lemma 5.3.7 the prenex formula 
Ry21...Rmtm—-B' 


is equivalent to A. 


(iii) A = Va2B. By the induction hypothesis, B is equivalent to a prenex 
formula Q1,21...Qm2mB’. Hence, by lemma 5.3.7 A is equivalent to the prenex 
formula V2Q121...Qm@mB". 


EXAMPLE 7.2.1
Let


A = ∀x(P(x) ∨ ¬∃y(Q(y) ∧ R(x, y))) ∨ ¬(P(y) ∧ ¬∀xP(x)).


The prenex form of


∀x(P(x) ∨ ¬∃y(Q(y) ∧ R(x, y)))


is


∀x∀y(P(x) ∨ ¬(Q(y) ∧ R(x, y))).


The prenex form of
¬∀xP(x)
is


The prenex form of


is


∀z¬(P(y) ∧ ¬P(z)).


The prenex form of A is


∀x∀v∀z((P(x) ∨ ¬(Q(v) ∧ R(x, v))) ∨ ¬(P(y) ∧ ¬P(z))).
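As an added worked example (not code from the book), the following Python carries out the conversion of theorem 7.2.1 on a small formula syntax: quantifiers are pulled out with the equivalences of lemma 7.2.1(a)–(c), bound variables that clash with the other side are renamed with fresh names as in lemma 7.2.1(e), and the result for the formula A of example 7.2.1 is compared with the prenex form given above, up to renaming of bound variables. The syntax (Atom, Not, Bin, Quant), the function names and the canonical string form are this example's own choices.

```python
"""Prenex conversion driven by the equivalences of lemma 7.2.1 (added example, not the book's code)."""
from collections import namedtuple
from itertools import count

Atom = namedtuple("Atom", "pred args")          # args: tuple of variable names
Not = namedtuple("Not", "sub")
Bin = namedtuple("Bin", "op left right")        # op in {"and", "or", "imp"}
Quant = namedtuple("Quant", "q var body")       # q in {"forall", "exists"}

DUAL = {"forall": "exists", "exists": "forall"}
SYM = {"and": "∧",
       "or": "∨", "imp": "⊃", "forall": "∀", "exists": "∃"}


def variables(f, free_only):
    """Variables of f: the free ones if free_only, otherwise free and bound together."""
    if isinstance(f, Atom):
        return set(f.args)
    if isinstance(f, Not):
        return variables(f.sub, free_only)
    if isinstance(f, Bin):
        return variables(f.left, free_only) | variables(f.right, free_only)
    inner = variables(f.body, free_only)
    return inner - {f.var} if free_only else inner | {f.var}


def rename(f, old, new):
    """Replace each free occurrence of variable old by new (new is fresh, so nothing is captured)."""
    if isinstance(f, Atom):
        return Atom(f.pred, tuple(new if a == old else a for a in f.args))
    if isinstance(f, Not):
        return Not(rename(f.sub, old, new))
    if isinstance(f, Bin):
        return Bin(f.op, rename(f.left, old, new), rename(f.right, old, new))
    return f if f.var == old else Quant(f.q, f.var, rename(f.body, old, new))


def show(f):
    if isinstance(f, Atom):
        return f"{f.pred}({', '.join(f.args)})"
    if isinstance(f, Not):
        return "¬" + show(f.sub)
    if isinstance(f, Bin):
        return f"({show(f.left)} {SYM[f.op]} {show(f.right)})"
    return f"{SYM[f.q]}{f.var}{show(f.body)}"


def _separate(prefix, matrix, avoid, fresh):
    """Lemma 7.2.1(e): rename the prefix variables that clash with the set avoid."""
    out = []
    for q, v in prefix:
        if v in avoid:
            new = next(fresh)
            matrix, v = rename(matrix, v, new), new
        out.append((q, v))
    return out, matrix


def prenex(f, fresh=None):
    """Return (prefix, matrix): prefix is a list of (quantifier, variable), matrix is quantifier-free.
    As in the chapter, no variable is assumed to be bound twice along one path of f."""
    if fresh is None:
        used = variables(f, free_only=False)
        fresh = (v for v in (f"v{i}" for i in count()) if v not in used)
    if isinstance(f, Atom):
        return [], f
    if isinstance(f, Quant):
        prefix, matrix = prenex(f.body, fresh)
        return [(f.q, f.var)] + prefix, matrix
    if isinstance(f, Not):
        prefix, matrix = prenex(f.sub, fresh)
        # lemma 7.2.1(b): ¬∀xA ≡ ∃x¬A and ¬∃xA ≡ ∀x¬A
        return [(DUAL[q], v) for q, v in prefix], Not(matrix)
    lp, lm = prenex(f.left, fresh)
    rp, rm = prenex(f.right, fresh)
    # theorem 7.2.1(i): the bound variables of one side must not occur at all in the other side
    lp, lm = _separate(lp, lm, variables(rm, free_only=True), fresh)
    rp, rm = _separate(rp, rm, variables(lm, free_only=True), fresh)
    if f.op == "imp":
        # lemma 7.2.1(a): a quantifier leaving an antecedent flips, ∀x(A ⊃ B) ≡ (∃xA ⊃ B)
        lp = [(DUAL[q], v) for q, v in lp]
    # lemma 7.2.1(a),(c): all other quantifiers move out unchanged, left prefix first
    return lp + rp, Bin(f.op, lm, rm)


def canonical(prefix, matrix):
    """Rename the prefix variables to b0, b1, ... in order, so that alpha-equivalent prenex
    formulas yield the same string (inputs are assumed not to use names of the form b<i>)."""
    for i, (_, v) in enumerate(prefix):
        matrix = rename(matrix, v, f"b{i}")
    return "".join(f"{SYM[q]}b{i}" for i, (q, _) in enumerate(prefix)) + show(matrix)


# Formula A of example 7.2.1, and the prenex form the text gives for it.
def P(*a): return Atom("P", a)
def Q(*a): return Atom("Q", a)
def R(*a): return Atom("R", a)
EXAMPLE_7_2_1 = Bin("or",
    Quant("forall", "x", Bin("or", P("x"), Not(Quant("exists", "y", Bin("and", Q("y"), R("x", "y")))))),
    Not(Bin("and", P("y"), Not(Quant("forall", "x", P("x"))))))
EXPECTED_7_2_1 = Quant("forall", "x", Quant("forall", "v", Quant("forall", "z",
    Bin("or", Bin("or", P("x"), Not(Bin("and", Q("v"), R("x", "v")))),
              Not(Bin("and", P("y"), Not(P("z"))))))))
```

Running `canonical(*prenex(EXAMPLE_7_2_1))` gives the same canonical string as the text's ∀x∀v∀z(...) form, which differs from it only in the choice of bound variable names.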


In a prenex formula Q1x1...QnxnB, B is sometimes called the matrix. 
Since B is quantifier free, it is equivalent to a formula in either conjunctive 
or disjunctive normal form. The disjunctive normal form of a formula can be 
obtained by using the search procedure as explained in theorem 3.4.2. The 
following lemma, which is the dual of lemma 3.4.5, provides another method 
for transforming a formula into disjunctive normal form. 


Lemma 7.2.2 Every quantifier-free formula A (containing the connectives
∨, ∧, ¬, ⊃) can be transformed into an equivalent formula in disjunctive
normal form, by application of the following identities:


(A ⊃ B) ≡ (¬A ∨ B)
¬¬A ≡ A
¬(A ∧ B) ≡ (¬A ∨ ¬B)
¬(A ∨ B) ≡ (¬A ∧ ¬B)
A ∧ (B ∨ C) ≡ (A ∧ B) ∨ (A ∧ C)
(B ∨ C) ∧ A ≡ (B ∧ A) ∨ (C ∧ A)
(A ∧ B) ∧ C ≡ A ∧ (B ∧ C)
(A ∨ B) ∨ C ≡ A ∨ (B ∨ C)


Proof: The proof is dual to that of lemma 3.4.5 and is left as an exercise. 


In the next sections, we consider versions of the sharpened Hauptsatz. 
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PROBLEMS 


7.2.1. Convert the following formulae to prenex form: 


(¬∀xP(x, y) ∨ ∀xR(x, y))
∀x(P(x) ⊃ ¬∃yR(x, y))
(∀x¬∀y¬∀zP(x, y) ∨ ¬∃x¬∃y(¬∃zQ(x, y, z) ⊃ R(x, y)))


7.2.2. Convert the following formulae to prenex form: 


(∃x∀yP(x, y) ∧ ∀y∃xP(y, x))
(¬(∀xP(x) ∨ ∃y¬Q(y)) ∨ (∀zP(z) ∨ ∃w¬Q(w)))
(¬∀x(P(x) ∨ ∃y¬Q(y)) ∨ (∀zP(z) ∨ ∃w¬Q(w)))


7.2.3. Finish the proof of lemma 7.2.1. 
7.2.4. Finish the proof of theorem 7.2.1. 
7.2.5. Prove lemma 7.2.2. 


7.2.6. Write a computer program for converting a formula to prenex form. 


7.3 Gentzen’s Sharpened Hauptsatz for Prenex Formulae


First, we will need a certain normal form for proofs. 


7.3.1 Pure Variable Proofs 


Gentzen’s sharpened Hauptsatz for prenex formulae is obtained by observing 
that in a cut-free proof of a prenex sequent (in LK or LK_e), the quantifier 
rules can be interchanged with the propositional rules, in such a way that no 
propositional rule appears below (closer to the root of the proof tree than) 
a quantifier rule. There is actually a more general permutability lemma due 
to Kleene, but only part of this lemma is needed to obtain the sharpened 
Hauptsatz. 


During the course of the proof of the sharpened Hauptsatz, it will be 
necessary to show that every provable sequent (in LK or LK_e) has a proof
in which the variables introduced by ∀:right and ∃:left rules satisfy
certain conditions. Proofs satisfying these conditions are called “pure-variable 
proofs.” To illustrate the necessity of these conditions, consider the following 
example. 
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EXAMPLE 7.3.1 


T > P(y), 
7 P)@ Vi right 


P= VeP(2),Q Po VeP(c),Ry) 
A: right 


T > VaeP(x),Q A R(y) 


(To shorten proof trees, structural rules are often not shown.) The rule 
V: right occurs above the rule A : right. We wish to permute these two 
rules; that is, construct a proof with the same conclusion and the same 
premises, but with the V: right rule occurring below the A : right rule. 
The following “proof” almost works, except that the variable y occurs 
free in the conclusion of the V : right rule, violating the eigenvariable 
condition. 


T= P(y),Q T > VeP(2), R(y) 


weakening and exchanges weakening and exchanges 


T > P(y),VeP(2),Q T > P(y),VaP(«), R(y) newt’ 


DPW) VeP@)QNRD song 


T > VaP(x),VeP(x),Q A R(y) 
contraction 


T > VaeP(x),Q A R(y) 


The problem can be eliminated by making sure that for every eigen- 
variable y used in an application of the rule V : right or 4: left, that 
variable only occurs in the subtree rooted at the sequent constituting 
the premise of the rule (and y does not occur both free and bound, but 
this is already a condition required for constructing proof trees). If we 
rename the topmost occurrence of y in the first proof tree with the new 
variable z, the problem is indeed eliminated, as shown. 


EXAMPLE 7.3.2


Pure-variable proof tree


Γ → P(z), Q
-------------------- ∀:right
Γ → ∀xP(x), Q           Γ → ∀xP(x), R(y)
------------------------------------------ ∧:right
Γ → ∀xP(x), Q ∧ R(y)


New legal proof tree with ∧:right above ∀:right


Γ → P(z), Q                          Γ → ∀xP(x), R(y)
(weakening and exchanges)            (weakening and exchanges)
Γ → P(z), ∀xP(x), Q                  Γ → P(z), ∀xP(x), R(y)
------------------------------------------------------------ ∧:right
Γ → P(z), ∀xP(x), Q ∧ R(y)
--------------------------- ∀:right
Γ → ∀xP(x), ∀xP(x), Q ∧ R(y)
----------------------------- contraction
Γ → ∀xP(x), Q ∧ R(y)


Definition 7.3.1 A proof tree (in LK, LK_e, G or G_=) is a pure-variable
proof tree iff, for every variable y occurring as the eigenvariable in an appli-
cation of the rule ∀:right or ∃:left, y does not occur both free and bound
in any formula in the proof tree, and y only occurs in the subtree rooted at
the sequent constituting the premise of the rule.


Lemma 7.3.1 In LK or LK_e (or G or G_=), every proof of a sequent Γ → Δ
can be converted to a pure-variable proof of the same sequent, simply by
replacing occurrences of variables with new variables.


Proof: First, recall that from lemma 6.5.1, given a sequent Γ → Δ with
proof tree T, where the variable x does not occur bound in T, for any variable
y not occurring in T, the tree T[y/x] obtained by substituting y for every free
occurrence of x in T is a proof tree for the sequent Γ[y/x] → Δ[y/x].


The rest of the proof proceeds by induction on the number k of inferences of the form ∀: right or ∃: left in the proof tree T for the sequent Γ → Δ. If k = 0, the lemma is obvious. Otherwise, T is of the form

    T_1  ...  T_n
         S

where each tree T_i is of the form

             Q_i
    Γ_i → Δ_i, A_i[y_i/x_i]
    ------------------------- ∀: right
    Γ_i → Δ_i, ∀x_iA_i

or

             Q_i
    A_i[y_i/x_i], Γ_i → Δ_i
    ------------------------- ∃: left
    ∃x_iA_i, Γ_i → Δ_i

where S does not contain any inferences of the form ∀: right or ∃: left, the root of Q_i is labeled with Γ_i → Δ_i, A_i[y_i/x_i] (or A_i[y_i/x_i], Γ_i → Δ_i), and the leaves of S are either axioms or are labeled with Γ_i → Δ_i, ∀x_iA_i (or ∃x_iA_i, Γ_i → Δ_i). Since each proof tree Q_i contains fewer applications of ∀: right or ∃: left than T, by the induction hypothesis, there is a pure-variable proof tree Q_i' for each Γ_i → Δ_i, A_i[y_i/x_i] (or A_i[y_i/x_i], Γ_i → Δ_i). Note that no variable free in Γ_i → Δ_i, A_i[y_i/x_i] (or A_i[y_i/x_i], Γ_i → Δ_i), including y_i, is used as an eigenvariable in Q_i'. For every i = 1, ..., n, let Q_i'' be the proof tree obtained from Q_i' by renaming all eigenvariables in Q_i', so that the set of eigenvariables in Q_i'' is disjoint from the set of eigenvariables in Q_j'' for i ≠ j, and is also disjoint from the set of variables in S. Finally, for i = 1, ..., n, if y_i occurs in S (not below Γ_i → Δ_i, ∀x_iA_i or ∃x_iA_i, Γ_i → Δ_i, since y_i is an eigenvariable), let z_i be a new variable (not in any of the Q_j'', and such that z_i ≠ z_j whenever i ≠ j), and let T_i'' be the tree

        Q_i''[z_i/y_i]
    Γ_i → Δ_i, A_i[z_i/x_i]
    ------------------------- ∀: right
    Γ_i → Δ_i, ∀x_iA_i

or

        Q_i''[z_i/y_i]
    A_i[z_i/x_i], Γ_i → Δ_i
    ------------------------- ∃: left
    ∃x_iA_i, Γ_i → Δ_i

obtained by substituting z_i for each occurrence of y_i in Q_i''. Then, using the above claim, one can verify that the following proof tree is a pure-variable proof tree:

    T_1''  ...  T_n''
           S


We will also need the following lemma, which is analogous to lemma 6.3.1. 


Lemma 7.3.2 (i) Every sequent provable in LK is provable with a proof in which the axioms are sequents A → A, where A is atomic.

(ii) Every sequent provable in LK_e is provable with a proof in which the axioms are either sequents A → A where A is atomic, or equality axioms.

Proof: The proof proceeds by induction on the weight of a proof as in lemma 6.3.1, and is very similar to the proof given in that lemma, except that LK (or LK_e) inferences are used. The details are left as an exercise.
7.3.2 The Permutability Lemma
The following terminology will be used in proving the permutability lemma 
used for establishing the sharpened Hauptsatz. 


Definition 7.3.2 If in a proof tree T the conclusion of a one-premise rule R_1 is a descendant of some premise of a rule R_2, and if any intermediate rules occur between R_1 and R_2, then they are structural rules, we say that R_1 can be permuted with R_2 iff a proof tree T' can be constructed from T as explained below.


If T is of the form

        T_1
        S_1
        ----- R_1
        S_1'
         ST              T_2
        S_3               S_2
        --------------------- R_2
                S_0
                T_0

or of the form

                         T_1
                         S_1
                         ----- R_1
                         S_1'
        T_2               ST
        S_2               S_3
        --------------------- R_2
                S_0
                T_0

where S_0, S_1, S_2, S_3, S_1' are sequents, T_0, T_1, T_2 are trees, and the only other rules in ST between R_1 and R_2 (if any) are structural rules, then T' is of the form

        T_1      T_2
        S_1      S_2
            Q
           S_0
           T_0

and in the tree Q, the conclusion of the rule R_1 is not a descendant of any premise of the rule R_2, and the other rules used in Q besides R_1 and R_2 are structural rules.

If T is of the form

        T_1
        S_1
        ----- R_1
        S_1'
         ST
        S_3
        ----- R_2
        S_0
        T_0

and the only rules in ST (if any) between R_1 and R_2 are structural rules, then T' is of the form

        T_1
        S_1
         Q
        S_0
        T_0

where in the tree Q, the conclusion of the rule R_1 is not a descendant of the premise of the rule R_2, and the other rules used in Q besides R_1 and R_2 are structural rules.


Lemma 7.3.3 In every pure-variable, cut-free proof T in LK (proof without essential cuts in LK_e) the following properties hold:

(i) Every quantifier rule R_1 can be permuted with a rule R_2 which is either a logical rule, or a structural rule, or the cut rule, provided that the principal formula of the quantifier rule is not a side formula of the lower rule R_2.

(ii) Every quantifier rule, contraction or exchange rule R_1 can be permuted with a weakening rule R_2 whose premise is the conclusion of R_1.

Proof: There are several cases to consider. We only consider some typical cases, leaving the others as exercises.


(i) R_1 = ∀: right, R_2 = ∧: right.

We have the following tree:

    Γ' → Δ', A[y/x]
    ------------------ ∀: right
    Γ' → Δ', ∀xA
    (structural rules ST)
    Γ → Δ, ∀xA, Λ, B                     Γ → Δ, ∀xA, Λ, C
    ------------------------------------------------------ ∧: right
                 Γ → Δ, ∀xA, Λ, B ∧ C

The permutation is achieved as follows:

    Γ' → Δ', A[y/x]
    (weakening and exchanges)
    Γ' → A[y/x], Δ', ∀xA                      Γ → Δ, ∀xA, Λ, C
    (structural rules ST)                     (weakening and exchanges)
    Γ → A[y/x], Δ, ∀xA, Λ, B                  Γ → A[y/x], Δ, ∀xA, Λ, C
    -------------------------------------------------------------------- ∧: right
                 Γ → A[y/x], Δ, ∀xA, Λ, B ∧ C
                 ------------------------------- exchanges
                 Γ → Δ, ∀xA, Λ, B ∧ C, A[y/x]
                 ------------------------------- ∀: right
                 Γ → Δ, ∀xA, Λ, B ∧ C, ∀xA
                 ------------------------------- exchanges, contraction, and exchanges
                 Γ → Δ, ∀xA, Λ, B ∧ C

Since the first tree is part of a pure-variable proof, y only occurs above the conclusion of the ∀: right rule in it, and so, y does not occur in the conclusion of the ∀: right rule in the second tree and the eigenvariable condition is satisfied.


(ii) R_1 = ∀: left, R_2 = ∧: right.

We have the following tree:

    A[t/x], Γ' → Δ'
    ------------------ ∀: left
    ∀xA, Γ' → Δ'
    (structural rules ST)
    Γ, ∀xA, Λ → Δ, B                     Γ, ∀xA, Λ → Δ, C
    ------------------------------------------------------ ∧: right
                 Γ, ∀xA, Λ → Δ, B ∧ C

The permutation is achieved as follows:

    A[t/x], Γ' → Δ'
    (weakening and exchanges)
    ∀xA, Γ', A[t/x] → Δ'                      Γ, ∀xA, Λ → Δ, C
    (structural rules ST)                     (weakening and exchanges)
    Γ, ∀xA, Λ, A[t/x] → Δ, B                  Γ, ∀xA, Λ, A[t/x] → Δ, C
    -------------------------------------------------------------------- ∧: right
                 Γ, ∀xA, Λ, A[t/x] → Δ, B ∧ C
                 ------------------------------- exchanges
                 A[t/x], Γ, ∀xA, Λ → Δ, B ∧ C
                 ------------------------------- ∀: left
                 ∀xA, Γ, ∀xA, Λ → Δ, B ∧ C
                 ------------------------------- exchanges, contraction, and exchanges
                 Γ, ∀xA, Λ → Δ, B ∧ C


(iii) R_1 = ∀: left, R_2 = ∧: left.

We have the following tree:

    A[t/x], Γ' → Δ'
    ------------------ ∀: left
    ∀xA, Γ' → Δ'
    (structural rules ST)
    B, Γ, ∀xA, Λ → Δ
    ------------------------ ∧: left
    B ∧ C, Γ, ∀xA, Λ → Δ

The permutation is achieved as follows:

    A[t/x], Γ' → Δ'
    (weakening and exchanges)
    ∀xA, Γ', A[t/x] → Δ'
    (structural rules ST)
    B, Γ, ∀xA, Λ, A[t/x] → Δ
    ------------------------------- ∧: left
    B ∧ C, Γ, ∀xA, Λ, A[t/x] → Δ
    ------------------------------- exchanges
    A[t/x], B ∧ C, Γ, ∀xA, Λ → Δ
    ------------------------------- ∀: left
    ∀xA, B ∧ C, Γ, ∀xA, Λ → Δ
    ------------------------------- exchanges, contraction, and exchanges
    B ∧ C, Γ, ∀xA, Λ → Δ


(iv) R_1 = ∀: right, R_2 = weakening right.

We have the following tree:

    Γ → Δ, A[y/x]
    ---------------- ∀: right
    Γ → Δ, ∀xA
    ---------------- weakening right
    Γ → Δ, ∀xA, B

The permutation is performed as follows:

    Γ → Δ, A[y/x]
    ------------------- weakening right
    Γ → Δ, A[y/x], B
    ------------------- exchange
    Γ → Δ, B, A[y/x]
    ------------------- ∀: right
    Γ → Δ, B, ∀xA
    ------------------- exchange
    Γ → Δ, ∀xA, B

Since the first tree is part of a pure-variable proof, y only occurs above the conclusion of the ∀: right rule in it, and so, y does not occur in the conclusion of the ∀: right rule in the second tree and the eigenvariable condition is satisfied.


(v) R_1 = exchange right, R_2 = weakening right.

We have the following tree:

    Γ → Δ, A, B, Λ
    ------------------- exchange right
    Γ → Δ, B, A, Λ
    ------------------- weakening right
    Γ → Δ, B, A, Λ, C

The permutation is performed as follows:

    Γ → Δ, A, B, Λ
    ------------------- weakening right
    Γ → Δ, A, B, Λ, C
    ------------------- exchange right
    Γ → Δ, B, A, Λ, C


(vi) R_1 = contraction right, R_2 = weakening right.

We have the following tree:

    Γ → Δ, A, A
    --------------- contraction right
    Γ → Δ, A
    --------------- weakening right
    Γ → Δ, A, B

The permutation is performed as follows:

    Γ → Δ, A, A
    ---------------- weakening right
    Γ → Δ, A, A, B
    ---------------- exchanges
    Γ → Δ, B, A, A
    ---------------- contraction right
    Γ → Δ, B, A
    ---------------- exchange
    Γ → Δ, A, B
(vii) R_1 = ∀: right, R_2 = atomic cut.

We have the following tree:

    Γ' → Δ', A[y/x]
    ------------------ ∀: right
    Γ' → Δ', ∀xA
    (structural rules ST)
    Γ → Δ_1, ∀xA, Δ_2, B                     B, Λ → Θ
    ------------------------------------------------------ atomic cut (B)
                 Γ, Λ → Δ_1, ∀xA, Δ_2, Θ

Since B is atomic, it is different from ∀xA.

320 7/Gentzen's Sharpened Hauptsatz; Herbrand's Theorem

The permutation is performed as follows:

    Γ' → Δ', A[y/x]
    (weakening and exchanges)
    Γ' → A[y/x], Δ', ∀xA
    (structural rules ST)
    Γ → A[y/x], Δ_1, ∀xA, Δ_2, B                     B, Λ → Θ
    ------------------------------------------------------------ atomic cut (B)
                 Γ, Λ → A[y/x], Δ_1, ∀xA, Δ_2, Θ
                 ------------------------------------ exchanges
                 Γ, Λ → Δ_1, ∀xA, Δ_2, Θ, A[y/x]
                 ------------------------------------ ∀: right
                 Γ, Λ → Δ_1, ∀xA, Δ_2, Θ, ∀xA
                 ------------------------------------ exchanges, contraction, and exchanges
                 Γ, Λ → Δ_1, ∀xA, Δ_2, Θ


Remark: It is easily shown that the rules ∀: right and ∃: left permute with each other, permute with the rules ∀: left and ∃: right, and the rules ∀: left and ∃: right permute with each other, provided that the main formula of the upper inference is not equal to the side formula of the lower inference.


7.3.3 Gentzen’s Sharpened Hauptsatz 


We now prove Gentzen’s sharpened Hauptsatz. 


Theorem 7.3.1 (Gentzen's sharpened Hauptsatz) Given a sequent Γ → Δ containing only prenex formulae, if Γ → Δ is provable in LK (or LK_e), then there is a cut-free, pure-variable proof in LK (proof without essential cuts in LK_e) that contains a sequent Γ' → Δ' (called the midsequent), which has the following properties:

(1) Every formula in Γ' → Δ' is quantifier free.

(2) Every inference rule above Γ' → Δ' is either structural, logical (not a quantifier rule), or an inessential cut.

(3) Every inference rule below Γ' → Δ' is either a quantifier rule, or a contraction, or an exchange rule (but not a weakening).

Thus, the midsequent splits the proof tree into an upper part that contains the propositional inferences, and a lower part that contains the quantifier inferences (and no weakening rules).
Proof: From theorem 6.3.1, lemma 7.3.1, and lemma 7.3.2, we can assume that Γ → Δ has a cut-free proof T in LK (without essential cuts in LK_e) that is a pure-variable proof, and such that the axioms are of the form either A → A with A atomic, or an equality axiom (it is actually sufficient to assume that A is quantifier free).

For every quantifier inference R in T, let m(R) be the number of propositional inferences and n(R) the number of weakening inferences on the path from R to the root (we shall say that such inferences are below R). For a proof T, m(T) is the sum of all m(R) and n(T) the sum of all n(R), for all quantifier inferences R in T. We shall show by induction on (m(T), n(T)) (using the lexicographic ordering defined in Subsection 2.1.10) that the theorem holds.

(i) m(T) = 0, n(T) = 0. Then, all propositional inferences and all weakening inferences are above all quantifier inferences. Let S_0 be the premise of the highest quantifier inference (that is, such that no descendant of this inference is a quantifier inference). If S_0 only contains quantifier-free formulae, S_0 is the midsequent and we are done. Otherwise, since the proof is cut free (without essential cuts in LK_e) and since the axioms only contain quantifier-free formulae (actually, atomic formulae), prenex quantified formulae in S_0 must have been introduced by weakening rules. If T_0 is the portion of the proof with conclusion S_0, by eliminating the weakening inferences from T_0, we obtain a (quantifier-free) proof T_1 of the sequent S_1 obtained by deleting all quantified formulae from S_0. For every quantified prenex formula A = Q_1x_1 ... Q_nx_nC occurring in S_0, let B = C[z_1/x_1, ..., z_n/x_n] be the quantifier-free formula obtained from A by substituting new variables z_1, ..., z_n for x_1, ..., x_n in C (we are assuming that these new variables are distinct from all the variables occurring in T_1 and distinct from the variables used for other such occurrences of quantified formulae occurring in S_0). Let Γ' → Δ' be the sequent obtained from S_0 by replacing every occurrence of a quantified formula A by the corresponding quantifier-free formula B, as above. It is clear that Γ' → Δ' can be obtained from S_1 by weakening inferences, and that S_0 can be obtained from Γ' → Δ' by quantifier inferences. But then, Γ' → Δ' is the midsequent of the proof obtained from T_1 and the intermediate inferences from S_1 to Γ' → Δ' and from Γ' → Δ' to S_0. Since the weakening inferences only occur above Γ' → Δ', all the conditions of the theorem are satisfied.

(ii) Case 1: m(T) > 0. In this case, there is an occurrence R_1 of a quantifier inference above an occurrence R_2 of a propositional inference, and intermediate inferences (if any) are structural. Since all formulae in the root sequent are prenex, the side formula (or formulae) of R_2 are quantifier free. Hence, lemma 7.3.3(i) applies, R_1 can be permuted with R_2, yielding a new proof T' such that m(T') = m(T) − 1. We conclude by applying the induction hypothesis to T'.

(ii) Case 2: m(T) = 0, n(T) > 0. In this case, all propositional inferences are above all quantifier inferences, but there is a quantifier inference R_1 above a weakening inference R_2, and intermediate inferences (if any) are exchange or contraction rules. Using lemma 7.3.3(ii), R_2 can be moved up until R_1 and R_2 are permuted, yielding a new proof T' such that m(T') = 0 and n(T') = n(T) − 1. We conclude by applying the induction hypothesis to T'.

Remark: In the case where m(T) > 0, even though m(T') = m(T) − 1, n(T') might be increased because the transformation may introduce extra weakenings. However, n(T) is eventually reduced to 0, when m(T) is reduced to 0. Also, note that the proof provides an algorithm for converting a pure-variable cut-free proof (proof without essential cuts in LK_e) into a proof having the properties stated in the theorem.


An example of the transformations of lemma 7.3.3 also showing the 
values of m(T) and n(T) is given below. In order to shorten proofs, some 
contractions and exchanges will not be shown explicitly. 


EXAMPLE 7.3.3

Consider the following proof tree T in which m(T) = 2 and n(T) = 0:

    P(f(a)) → P(f(a))                        R(g(a)) → R(g(a))
    ---------------------------- weakening   ---------------------------- weakening
    P(f(a)) → P(f(a)), ∃yR(y)                R(g(a)) → R(g(a)), ∃xP(x)
    ---------------------------- ∃: right    ---------------------------- ∃: right
    P(f(a)) → ∃xP(x), ∃yR(y)                 R(g(a)) → ∃xP(x), ∃yR(y)
    ------------------------------------------------------------------------ ∨: left
                     P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y)

We first exchange the ∃: right inference in the right subtree with ∨: left, obtaining the following tree

                  T_1                    T_2
    ------------------------------------------------------ ∨: left
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a))
    ------------------------------------------------------ ∃: right
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), ∃yR(y)
    ------------------------------------------------------ contraction
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y)

where T_1 is the tree

    P(f(a)) → P(f(a))
    ----------------------------------- weakening
    P(f(a)) → P(f(a)), ∃yR(y)
    ----------------------------------- ∃: right
    P(f(a)) → ∃xP(x), ∃yR(y)
    ----------------------------------- weakening
    P(f(a)) → ∃xP(x), ∃yR(y), R(g(a))

7.3 Gentzen's Sharpened Hauptsatz for Prenex Formulae 323

and T_2 is the tree

    R(g(a)) → R(g(a))
    ----------------------------------- weakening
    R(g(a)) → R(g(a)), ∃xP(x)
    ----------------------------------- weakening, exchanges
    R(g(a)) → ∃xP(x), ∃yR(y), R(g(a))

We now have n(T) = 1 and m(T) = 1, since a weakening was introduced below the ∃: right inference in the tree T_1. We finally exchange the ∃: right inference in T_1 with ∨: left. We obtain the following tree

                  T_1                    T_2
    -------------------------------------------------------------- ∨: left
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a)), P(f(a))
    -------------------------------------------------------------- ∃: right
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a)), ∃xP(x)
    -------------------------------------------------------------- contraction
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a))
    -------------------------------------------------------------- ∃: right
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), ∃yR(y)
    -------------------------------------------------------------- contraction
    P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y)

where T_1 is the tree

    P(f(a)) → P(f(a))
    -------------------------------------------- weakenings
    P(f(a)) → P(f(a)), ∃xP(x), ∃yR(y)
    -------------------------------------------- weakening, exchanges
    P(f(a)) → ∃xP(x), ∃yR(y), R(g(a)), P(f(a))

and T_2 is the tree

    R(g(a)) → R(g(a))
    -------------------------------------------- weakening
    R(g(a)) → R(g(a)), ∃xP(x)
    -------------------------------------------- weakening
    R(g(a)) → R(g(a)), ∃xP(x), ∃yR(y)
    -------------------------------------------- weakening, exchanges
    R(g(a)) → ∃xP(x), ∃yR(y), R(g(a)), P(f(a))

We now have n(T) = 0 and m(T) = 0 and the proof is in normal form.
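The measure (m(T), n(T)) from the proof of theorem 7.3.1 can be computed mechanically, and the three trees of example 7.3.3 make a convenient check. The following Python code is an added illustration, not code from the book: proof trees are plain nodes whose rule labels are strings (`"exists:right"`, `"or:left"`, `"weakening"`, ...), sequents are kept as text only so that the trees can be written down, and the exchanges the example leaves implicit are not modelled. The helper `split_point` is an assumption of this example; it tests conditions (2) and (3) of the theorem and returns the sequent S_0 of case (i) of the proof together with the quantified formulae that case (i) says were introduced by weakenings.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Rule names are plain strings, classified as in the proof of Theorem 7.3.1.
QUANTIFIER = {"forall:right", "forall:left", "exists:right", "exists:left"}
PROPOSITIONAL = {"and:right", "and:left", "or:right", "or:left",
                 "not:right", "not:left", "implies:right", "implies:left"}
LOWER_PART = QUANTIFIER | {"contraction", "exchange"}   # rules allowed below the midsequent


@dataclass
class Node:
    sequent: str                      # conclusion of the inference, written as text
    rule: Optional[str] = None        # rule that produced it; None for an axiom
    premises: List["Node"] = field(default_factory=list)


def chain(start, *steps):
    """One-premise chain built on top of `start` (axiom text or a Node) from
    (rule, conclusion) pairs listed from top to bottom."""
    node = start if isinstance(start, Node) else Node(start)
    for rule, conclusion in steps:
        node = Node(conclusion, rule, [node])
    return node


def measures(tree) -> Tuple[int, int]:
    """(m(T), n(T)): for each quantifier inference R, the number of propositional
    inferences (m) and of weakenings (n) on the path from R down to the root, summed."""
    m = n = 0

    def walk(node, props_below, weak_below):
        nonlocal m, n
        if node.rule in QUANTIFIER:
            m += props_below
            n += weak_below
        for p in node.premises:
            walk(p, props_below + (node.rule in PROPOSITIONAL),
                 weak_below + (node.rule == "weakening"))

    walk(tree, 0, 0)
    return m, n


def split_point(tree):
    """Conditions (2) and (3) of Theorem 7.3.1 hold iff every quantifier inference lies on
    the one-premise chain of quantifier rules, contractions and exchanges that starts at
    the root. If so, return the topmost sequent of that chain (the S_0 of case (i) of the
    proof) with the quantified formulae it still contains; otherwise return None."""
    node = tree
    while node.rule in LOWER_PART and len(node.premises) == 1:
        node = node.premises[0]

    def has_quantifier_rule(n):
        return n.rule in QUANTIFIER or any(has_quantifier_rule(p) for p in n.premises)

    if has_quantifier_rule(node):
        return None
    antecedent, succedent = node.sequent.split("→")
    formulas = [f.strip() for side in (antecedent, succedent) for f in side.split(",")]
    return node.sequent, [f for f in formulas if "∀" in f or "∃" in f]


def example_trees():
    """The three trees of Example 7.3.3 (conclusions copied from the example)."""
    root = "P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y)"
    # Initial tree T: both ∃: right inferences are above the ∨: left inference.
    t0 = Node(root, "or:left", [
        chain("P(f(a)) → P(f(a))",
              ("weakening", "P(f(a)) → P(f(a)), ∃yR(y)"),
              ("exists:right", "P(f(a)) → ∃xP(x), ∃yR(y)")),
        chain("R(g(a)) → R(g(a))",
              ("weakening", "R(g(a)) → R(g(a)), ∃xP(x)"),
              ("exists:right", "R(g(a)) → ∃xP(x), ∃yR(y)"))])
    # After permuting the right-hand ∃: right below ∨: left; a weakening now sits
    # below the ∃: right of T_1, so n(T) becomes 1.
    branch1 = Node("P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a))", "or:left", [
        chain("P(f(a)) → P(f(a))",
              ("weakening", "P(f(a)) → P(f(a)), ∃yR(y)"),
              ("exists:right", "P(f(a)) → ∃xP(x), ∃yR(y)"),
              ("weakening", "P(f(a)) → ∃xP(x), ∃yR(y), R(g(a))")),
        chain("R(g(a)) → R(g(a))",
              ("weakening", "R(g(a)) → R(g(a)), ∃xP(x)"),
              ("weakening", "R(g(a)) → ∃xP(x), ∃yR(y), R(g(a))"))])
    t1 = chain(branch1,
               ("exists:right", "P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), ∃yR(y)"),
               ("contraction", root))
    # Final tree: both ∃: right inferences are below ∨: left.
    branch2 = Node("P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a)), P(f(a))", "or:left", [
        chain("P(f(a)) → P(f(a))",
              ("weakening", "P(f(a)) → P(f(a)), ∃xP(x), ∃yR(y)"),
              ("weakening", "P(f(a)) → ∃xP(x), ∃yR(y), R(g(a)), P(f(a))")),
        chain("R(g(a)) → R(g(a))",
              ("weakening", "R(g(a)) → R(g(a)), ∃xP(x)"),
              ("weakening", "R(g(a)) → R(g(a)), ∃xP(x), ∃yR(y)"),
              ("weakening", "R(g(a)) → ∃xP(x), ∃yR(y), R(g(a)), P(f(a))"))])
    t2 = chain(branch2,
               ("exists:right", "P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a)), ∃xP(x)"),
               ("contraction", "P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), R(g(a))"),
               ("exists:right", "P(f(a)) ∨ R(g(a)) → ∃xP(x), ∃yR(y), ∃yR(y)"),
               ("contraction", root))
    return t0, t1, t2


if __name__ == "__main__":
    for t in example_trees():
        print(measures(t), split_point(t))
```

The three measures come out as (2, 0), (1, 1) and (0, 0), decreasing in the lexicographic order used by the induction, even though n(T) goes up at the first step, as the remark after the proof anticipates. For the final tree `split_point` reports the ∨: left conclusion as S_0 and lists ∃xP(x) and ∃yR(y), the two quantified formulae that only weakenings put there; eliminating those weakenings and replacing the formulae by quantifier-free instances, as in case (i), is what yields the actual midsequent.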


Another example of a proof in the normal form given by theorem 7.3.1 
is shown below. 
EXAMPLE 7.3.4

Consider the sequent

    → ∃x∀y¬P(x, y), ∃y_1∀z¬Q(y_1, z), ∀x_1∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))

whose validity is equivalent to the validity of the formula

    A = ∃x∀y¬P(x, y) ∨ ∃y_1∀z¬Q(y_1, z) ∨ ∀x_1∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))

The following proof satisfies the conditions of theorem 7.3.1:

    P(x_1, y) → P(x_1, y)                      Q(y, z) → Q(y, z)
    ------------------------------ weakening   ------------------------------ weakening
    P(x_1, y), Q(y, z) → P(x_1, y)             P(x_1, y), Q(y, z) → Q(y, z)
    ------------------------------------------------------------------------- ∧: right
    P(x_1, y), Q(y, z) → P(x_1, y) ∧ Q(y, z)
    --------------------------------------------------------- ¬: right
    P(x_1, y) → ¬Q(y, z), P(x_1, y) ∧ Q(y, z)
    --------------------------------------------------------- ¬: right
    → ¬P(x_1, y), ¬Q(y, z), P(x_1, y) ∧ Q(y, z)
    --------------------------------------------------------- ∃: right
    → ¬P(x_1, y), ¬Q(y, z), ∃z_1(P(x_1, y) ∧ Q(y, z_1))
    --------------------------------------------------------- ∃: right
    → ¬P(x_1, y), ¬Q(y, z), ∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))
    --------------------------------------------------------- ∀: right
    → ¬P(x_1, y), ∀z¬Q(y, z), ∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))
    --------------------------------------------------------- ∃: right
    → ¬P(x_1, y), ∃y_1∀z¬Q(y_1, z), ∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))
    --------------------------------------------------------- ∀: right
    → ∀y¬P(x_1, y), ∃y_1∀z¬Q(y_1, z), ∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))
    --------------------------------------------------------- ∃: right
    → ∃x∀y¬P(x, y), ∃y_1∀z¬Q(y_1, z), ∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))
    --------------------------------------------------------- ∀: right
    → ∃x∀y¬P(x, y), ∃y_1∀z¬Q(y_1, z), ∀x_1∃y_2∃z_1(P(x_1, y_2) ∧ Q(y_2, z_1))

The midsequent is → ¬P(x_1, y), ¬Q(y, z), P(x_1, y) ∧ Q(y, z).


Notice that the proof was constructed so that the ∀: right rule is always applied as soon as possible. The reason for this is that we have the freedom of choosing the terms involved in applications of the ∃: right rule (as long as they are free for the substitutions), whereas the ∀: right rule requires that the substituted term be a new variable. The above strategy has been chosen to allow ourselves as much freedom as possible in the substitutions.


PROBLEMS 


7.3.1. Prove lemma 7.3.2.

7.3.2. Finish the proof of the cases in lemma 7.3.3.

7.3.3. Prove the following facts stated as a remark at the end of the proof of lemma 7.3.3: The rules ∀: right and ∃: left permute with each other, permute with the rules ∀: left and ∃: right, and the rules ∀: left and ∃: right permute with each other, provided that the main formula of the upper inference is not equal to the side formula of the lower inference.

7.3.4. Give proofs in normal form for the prenex form of the following sequents:

    (∃x∀yP(x, y) ∧ ∀y∃xP(y, x)) →
    (¬(∀xP(x) ∨ ∃y¬Q(y)) ∨ (∀zP(z) ∨ ∃w¬Q(w))) →
    (¬∀x(P(x) ∨ ∃y¬Q(y)) ∨ (∀zP(z) ∨ ∃w¬Q(w))) →

7.3.5. Write a computer program converting a proof into a proof in normal form as described in theorem 7.3.1.

7.3.6. Design a search procedure for prenex sequents using the suggestions made at the end of example 7.3.4.


7.4 The Sharpened Hauptsatz for Sequents in NNF

In this section, it is shown that the quantifier rules of the system G1^nnf presented in Section 6.4 can be extended to apply to certain subformulae, so that the permutation lemma holds. As a consequence, the sharpened Hauptsatz also holds for such a system. In this section, all formulae are rectified.


7.4.1 The System G2^nnf


First, we show why we chose to define such rules for formulae in NNF and 
not for arbitrary formulae. 


EXAMPLE 7.4.1

Let A = P(a) ∨ ¬(Q(b) ∧ ∀xQ(x)), occurring in the sequent A →. Since A is logically equivalent to P(a) ∨ (¬Q(b) ∨ ∃x¬Q(x)), the correct rule to apply to the subformula ∀xQ(x) is actually the ∃: left rule!


Hence, the choice of the rule applicable to a quantified subformula B depends on the parity of the number of negative subformulae that have the formula B as a subformula. This can be handled, but makes matters more complicated. However, this problem does not arise with formulae in NNF since only atoms can be negated.

Since there is no loss of generality in considering formulae in NNF and the quantifier rules for subformulae of formulae in NNF are simpler than for arbitrary formulae, the reason for considering formulae in NNF is clear.


The extended quantifier rules apply to maximal quantified subformulae of a formula. This concept is defined rigorously as follows.

Definition 7.4.1 Given a formula A in NNF, the set QF(A) of maximal quantified subformulae of A is defined inductively as follows:

(i) If A is a literal, that is either an atomic formula B or the negation ¬B of an atomic formula, then QF(A) = ∅;

(ii) If A is of the form (B ∨ C), then QF(A) = QF(B) ∪ QF(C);

(iii) If A is of the form (B ∧ C), then QF(A) = QF(B) ∪ QF(C);

(iv) If A is of the form ∀xB, then QF(A) = {A};

(v) If A is of the form ∃xB, then QF(A) = {A}.


EXAMPLE 7.4.2

Let

    A = ∀uP(u) ∨ (Q(b) ∧ ∀x(¬P(x) ∨ ∀yR(x, y))) ∨ ∃zP(z).

Then

    QF(A) = {∀uP(u), ∀x(¬P(x) ∨ ∀yR(x, y)), ∃zP(z)}.

However, ∀yR(x, y) is not a maximal quantified subformula since it is a subformula of ∀x(¬P(x) ∨ ∀yR(x, y)).


Since we are dealing with rectified formulae, all quantified subformulae 
differ by at least the outermost quantified variable, and therefore, they are all 
distinct. This allows us to adopt a simple notation for the result of substituting 
a formula for a quantified subformula. 


Definition 7.4.2 Given a formula A in NNF whose set QF(A) is nonempty, for any subformula B in QF(A), for any formula C, the formula A[C/B] is defined inductively as follows:

(i) If A = B, then A[C/B] = C;

(ii) If A is of the form (A_1 ∨ A_2), B belongs either to A_1 or to A_2 but not both (since subformulae in QF(A) are distinct), and assume that B belongs to A_1, the other case being similar. Then, A[C/B] = (A_1[C/B] ∨ A_2);

(iii) If A is of the form (A_1 ∧ A_2), as in (ii), assume that B belongs to A_1. Then, A[C/B] = (A_1[C/B] ∧ A_2).
EXAMPLE 7.4.3

Let

    A = ∀uP(u) ∨ (Q(b) ∧ ∀x(¬P(x) ∨ ∀yR(x, y))),
    B = ∀x(¬P(x) ∨ ∀yR(x, y)), and
    C = (¬P(f(a)) ∨ ∀yR(f(a), y)).

Then,

    A[C/B] = ∀uP(u) ∨ (Q(b) ∧ (¬P(f(a)) ∨ ∀yR(f(a), y))).
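Definitions 7.4.1 and 7.4.2 are small structural recursions on NNF formulae, and the quantifier rules that follow combine them with the ordinary substitution B[t/x]. The following Python code is an added illustration, not code from the book: formulae and terms are nested tuples (a representation assumed here so that formulae can be compared with `==` and put in sets), `qf` computes QF(A), `replace` computes A[C/B], `subst` computes B[t/x] while checking that t is free for x, and `forall_left_side_formula` (a name chosen for this example) builds the side formula A[B[t/x]/C] of the ∀: left rule. The inputs are the formulae of examples 7.4.2 and 7.4.3, constructed inline.

```python
# Terms:        ("var", name) | ("fn", name, (args...))     -- a constant is ("fn", name, ())
# NNF formulae: ("atom", name, (args...)) | ("not", atom) | ("or", l, r) | ("and", l, r)
#               | ("forall", x, body) | ("exists", x, body)
# Plain tuples, so formulae compare structurally with == and can be members of sets.

def var(x): return ("var", x)
def fn(f, *args): return ("fn", f, tuple(args))
def atom(p, *args): return ("atom", p, tuple(args))
def neg(a): return ("not", a)                      # NNF: only an atom is negated
def or_(l, r): return ("or", l, r)
def and_(l, r): return ("and", l, r)
def forall(x, body): return ("forall", x, body)
def exists(x, body): return ("exists", x, body)


def qf(a):
    """Definition 7.4.1: QF(A), the set of maximal quantified subformulae of A."""
    if a[0] in ("atom", "not"):
        return frozenset()
    if a[0] in ("or", "and"):
        return qf(a[1]) | qf(a[2])
    return frozenset({a})                          # ∀xB or ∃xB: A itself, nothing below it


def replace(a, b, c):
    """Definition 7.4.2: A[C/B] for B in QF(A) (A comes back unchanged if B is not in QF(A))."""
    if a == b:
        return c
    if a[0] in ("or", "and"):
        return (a[0], replace(a[1], b, c), replace(a[2], b, c))
    return a


def term_vars(t):
    return {t[1]} if t[0] == "var" else set().union(*(term_vars(u) for u in t[2]))


def free_vars(a):
    if a[0] == "atom":
        return set().union(*(term_vars(u) for u in a[2]))
    if a[0] == "not":
        return free_vars(a[1])
    if a[0] in ("or", "and"):
        return free_vars(a[1]) | free_vars(a[2])
    return free_vars(a[2]) - {a[1]}


def is_free_for(t, x, a):
    """t is free for x in A: no free occurrence of x lies within the scope of a quantifier
    binding a variable of t (the side condition on t in the ∀: left and ∃: right rules)."""
    if a[0] in ("atom", "not"):
        return True
    if a[0] in ("or", "and"):
        return is_free_for(t, x, a[1]) and is_free_for(t, x, a[2])
    y, body = a[1], a[2]
    if y == x or x not in free_vars(body):
        return True
    return y not in term_vars(t) and is_free_for(t, x, body)


def subst(a, x, t):
    """B[t/x]: t replaces the free occurrences of x in B; refused when t is not free for x."""
    if not is_free_for(t, x, a):
        raise ValueError(f"{t} is not free for {x}")

    def term(u):
        if u[0] == "var":
            return t if u[1] == x else u
        return ("fn", u[1], tuple(term(v) for v in u[2]))

    def go(b):
        if b[0] == "atom":
            return ("atom", b[1], tuple(term(v) for v in b[2]))
        if b[0] == "not":
            return ("not", go(b[1]))
        if b[0] in ("or", "and"):
            return (b[0], go(b[1]), go(b[2]))
        return b if b[1] == x else (b[0], b[1], go(b[2]))   # x bound here: nothing free below

    return go(a)


def forall_left_side_formula(a, c, t):
    """Side formula A[B[t/x]/C] of the G2^nnf rule ∀: left, where C = ∀xB is in QF(A)."""
    assert c[0] == "forall" and c in qf(a), "C must be a maximal ∀-subformula of A"
    return replace(a, c, subst(c[2], c[1], t))


# Constructed inputs: the formulae of Examples 7.4.2 and 7.4.3 (a, b constants, f a function symbol).
ka, kb, vu, vx, vy, vz = fn("a"), fn("b"), var("u"), var("x"), var("y"), var("z")
B_EX = forall("x", or_(neg(atom("P", vx)), forall("y", atom("R", vx, vy))))   # the B of Example 7.4.3
A_742 = or_(or_(forall("u", atom("P", vu)), and_(atom("Q", kb), B_EX)), exists("z", atom("P", vz)))
A_743 = or_(forall("u", atom("P", vu)), and_(atom("Q", kb), B_EX))
C_743 = or_(neg(atom("P", fn("f", ka))), forall("y", atom("R", fn("f", ka), vy)))

if __name__ == "__main__":
    print(len(qf(A_742)), B_EX in qf(A_742))
    print(replace(A_743, B_EX, C_743) == forall_left_side_formula(A_743, B_EX, fn("f", ka)))
```

Two facts worth checking with this code: the C of example 7.4.3 is exactly B'[f(a)/x] for the body B' of B, so A[C/B] is the side formula of a ∀: left inference on A with t = f(a); and `replace` commutes with the propositional structure, for instance (A ∧ E)[C/B] = A[C/B] ∧ E whenever B is in QF(A), which is the property the extended rules rely on when a quantifier inference is pushed through a propositional one. The capture check in `is_free_for` rejects, for example, substituting y for x in ∀yR(x, y).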
We now define the system G2^nnf.


Definition 7.4.3 (Gentzen system G2^nnf) The Gentzen system G2^nnf is the system obtained from G1^nnf by adding the weakening rules, by replacing the quantifier rules by the quantifier rules for subformulae listed below, and using axioms of the form A → A, → A, ¬A, A, ¬A →, and ¬A → ¬A, where A is atomic. Let A be any formula in NNF containing quantifiers, let C be any subformula in QF(A) of the form ∀xB, and D any subformula in QF(A) of the form ∃xB. Let t be any term free for x in B.

    A[B[t/x]/C], Γ → Δ
    -------------------- (∀: left)
    A, Γ → Δ

The formula A[B[t/x]/C] is the side formula of the inference. Note that for A = C = ∀xB, this rule is identical to the ∀: left rule of G1^nnf.

    Γ → Δ, A[B[y/x]/C]
    -------------------- (∀: right)
    Γ → Δ, A

where y is not free in the lower sequent.

The formula A[B[y/x]/C] is the side formula of the inference. For A = C = ∀xB, the rule is identical to the ∀: right rule of G1^nnf.

    A[B[y/x]/D], Γ → Δ
    -------------------- (∃: left)
    A, Γ → Δ

where y is not free in the lower sequent.

The formula A[B[y/x]/D] is the side formula of the inference. For A = D = ∃xB, the rule is identical to the ∃: left rule of G1^nnf.

    Γ → Δ, A[B[t/x]/D]
    -------------------- (∃: right)
    Γ → Δ, A

The formula A[B[t/x]/D] is the side formula of the inference. For A = D = ∃xB, the rule is identical to the ∃: right rule of G1^nnf.


7.4.2 Soundness of the System G2^nnf

The soundness of the quantifier rules of G2^nnf of definition 7.4.3 is shown in the following lemma.

Lemma 7.4.1 The system G2^nnf is sound.

Proof: We treat the case of the rules ∀: left and ∀: right, the case of the rules ∃: left and ∃: right being similar. We need to prove that if the premise of the rule is valid, then the conclusion is valid. Equivalently, this can be shown by proving that if the conclusion is falsifiable, then the premise is falsifiable.


Case 1: ∀: left.

To show that if the conclusion is falsifiable then the premise is falsifiable amounts to proving the following: For every structure 𝐀, for every assignment s:

(i) A = C: If ∀xB is satisfied in 𝐀 by s, then B[t/x] is satisfied in 𝐀 by s. This has been shown in lemma 5.4.2.

(ii) A ≠ C: If A is satisfied in 𝐀 by s, then A[B[t/x]/C] is satisfied in 𝐀 by s. We proceed by induction on A.

If A is of the form (A_1 ∨ A_2), we can assume without loss of generality that C is in QF(A_1). But (A_1 ∨ A_2) is satisfied in 𝐀 by s iff either A_1 is satisfied in 𝐀 by s or A_2 is satisfied in 𝐀 by s. Since

    A[B[t/x]/C] = (A_1[B[t/x]/C] ∨ A_2),

in the second case, (A_1[B[t/x]/C] ∨ A_2) is also satisfied in 𝐀 by s. In the first case, by the induction hypothesis, since A_1 is satisfied in 𝐀 by s, A_1[B[t/x]/C] is also satisfied in 𝐀 by s, and so (A_1[B[t/x]/C] ∨ A_2) is satisfied in 𝐀 by s, as desired.

If A is of the form (A_1 ∧ A_2), assume as in the previous case that C occurs in A_1. If A is satisfied in 𝐀 by s, then both A_1 and A_2 are satisfied in 𝐀 by the same assignment s. By the induction hypothesis, A_1[B[t/x]/C] is satisfied in 𝐀 by s, and so A[B[t/x]/C] is satisfied in 𝐀 by s.

If A is equal to C, then we have to show that if ∀xB is satisfied in 𝐀 by s, then B[t/x] is satisfied in 𝐀 by s, but this reduces to Case 1(i).


Case 2: ∀: right.

This time, showing that if the conclusion is falsifiable then the premise is falsifiable amounts to proving the following: For every structure 𝐀, if A is falsifiable in 𝐀 by s, then A[B[y/x]/D] is falsifiable in 𝐀 by an assignment s' of the form s[y := a], where a is some element in the domain of 𝐀, and y is not free in A, Γ and Δ. There are two cases:

(i) A = D: If ∀xB is falsifiable in 𝐀 by s, there is some element a in the domain of 𝐀 such that B[a/x] is falsified in 𝐀, and since y does not occur free in the conclusion of the inference, by lemma 5.4.2, B[y/x] is falsifiable in 𝐀 by s[y := a].

(ii) A ≠ D: If A is falsifiable in 𝐀 by s, then A[B[y/x]/D] is falsifiable in 𝐀 by an assignment s' of the form s[y := a], where y does not occur free in A, Γ, Δ.

We prove by induction on formulae that for every subformula A' of A containing some formula in QF(A) as a subformula, if A' is falsified in 𝐀 by s, then A'[B[y/x]/D] is falsified in 𝐀 by an assignment s' of the form s[y := a], where y is not free in A, Γ and Δ. Note that in the induction hypothesis, it is necessary to state that y is not free in A, and not just A'.

If A' is of the form (A_1 ∨ A_2), we can assume without loss of generality that D is in QF(A_1). But (A_1 ∨ A_2) is falsified in 𝐀 by s iff A_1 is falsified in 𝐀 by s and A_2 is falsified in 𝐀 by s. Since

    A'[B[y/x]/D] = (A_1[B[y/x]/D] ∨ A_2),

by the induction hypothesis A_1[B[y/x]/D] is falsified in 𝐀 by some assignment of the form s[y := a] where y is not free in A, Γ and Δ. But since A_2 is a subformula of A' and thus of A, y is not free in A_2 and by lemma 5.3.3, A_2 is also falsified in 𝐀 by s[y := a]. Then A'[B[y/x]/D] is falsified in 𝐀 by the assignment s[y := a].

If A' is of the form (A_1 ∧ A_2), assume as in the previous case that D occurs in A_1. If A' is falsified in 𝐀 by s, then either A_1 is falsified in 𝐀 by s or A_2 is falsified in 𝐀 by s. In the second case (A_1[B[y/x]/D] ∧ A_2) is falsified in 𝐀 by s. In the first case, since A_1 is falsified in 𝐀 by s, by the induction hypothesis A_1[B[y/x]/D] is falsified in 𝐀 by some assignment s' of the form s[y := a]. Then (A_1[B[y/x]/D] ∧ A_2) is falsified in 𝐀 by s[y := a], as desired.

If A' is equal to D, then we are back to case 1(i).

It should be emphasized that the condition that y is not free in A, Γ and Δ, and not just D, Γ, Δ, plays a crucial role in the proof. Note that the system G1^nnf is a subsystem of G2^nnf.

We now prove a version of lemma 7.3.3 and a normal form theorem analogous to theorem 7.3.1 for the system G2^nnf.
7.4.3 A Gentzen-like Sharpened Hauptsatz for G2^nnf

The definition of an inference R_1 permuting with an inference R_2 given in definition 7.3.2 extends immediately to the new quantifier rules, except that the section ST of structural rules only contains weakenings. It is also easy to see that lemmas 7.3.1 and 7.3.2 extend to the system G2^nnf. This is left as an exercise to the reader.


Consider a quantifier rule of G2^nnf, say ∀: left:

    A[B[t/x]/C], Γ → Δ
    --------------------
    A, Γ → Δ

If A belongs to Γ, letting Λ = Γ − {A}, the rule can be written as:

    A, A[B[t/x]/C], Λ → Δ
    ----------------------
    A, Λ → Δ

where A does not belong to Λ. In this version, we say that the rule is the ∀: left rule with contraction. The first version of the rule in which either A ∈ Γ or A does not belong to the upper sequent is called the rule without contraction. The definition extends to the other quantifier rules.

Lemma 7.4.2 In every pure-variable, cut-free proof T in G2^nnf, the following holds: Every quantifier rule R_1 of G2^nnf can be permuted with a propositional rule R_2 or a weakening.


Proof: The proof proceeds by cases. First, we prove that every quantifier rule of G1^nnf without contraction can be permuted with a propositional rule R_2 or a weakening. It is not difficult to see that the cases treated in lemma 7.3.3 are still valid with the rules of G1^nnf. This is because sequents are pairs of sets, and contraction rules can be simulated. For example, to perform the permutation involving R_1 = ∀: right and R_2 = ∧: right, the following deduction is used:

    Γ' → Δ', A[y/x]
    (weakening rules)
    Γ' → A[y/x], Δ', ∀xA                       Γ → Δ, ∀xA, Λ, C
    (weakening rules)                          (weakening)
    Γ → A[y/x], Δ, ∀xA, Λ, B                   Γ → A[y/x], Δ, ∀xA, Λ, C
    ---------------------------------------------------------------------- ∧: right
                  Γ → Δ, ∀xA, Λ, B ∧ C, A[y/x]
                  ------------------------------- ∀: right
                  Γ → Δ, ∀xA, Λ, B ∧ C

In the lowest inference, we took advantage of the fact that

    Γ → Δ, ∀xA, Λ, B ∧ C, ∀xA

denotes the same sequent as

    Γ → Δ, ∀xA, Λ, B ∧ C,

since a sequent is a pair of sets. The details are left as an exercise. We still have to consider the cases of quantifier rules of G1^nnf with contractions, quantifier rules of G2^nnf applied to the side formula of a propositional rule, and permutation with weakenings. We treat ∧: left and ∧: right, the other cases being similar.


Case 1: ∧: left, ∀: left. There are two subcases:

1.1: A ∈ Γ or A does not belong to the top sequent:

    A[B[t/x]/C], Γ → Δ
    -------------------- ∀: left
    A, Γ → Δ
    -------------------- ∧: left
    A ∧ E, Γ → Δ

The permutation is achieved as follows:

    A[B[t/x]/C], Γ → Δ
    ------------------------ ∧: left
    A[B[t/x]/C] ∧ E, Γ → Δ
    ------------------------ ∀: left
    A ∧ E, Γ → Δ

1.2: A ∉ Γ and A occurs in the top sequent.

    A, A[B[t/x]/C], Γ → Δ
    ----------------------- ∀: left
    A, Γ → Δ
    ----------------------- ∧: left
    A ∧ E, Γ → Δ

The permutation is achieved as follows:

    A, A[B[t/x]/C], Γ → Δ
    --------------------------------- ∧: left
    A ∧ E, A[B[t/x]/C], Γ → Δ
    --------------------------------- ∧: left
    A ∧ E, A[B[t/x]/C] ∧ E, Γ → Δ
    --------------------------------- ∀: left
    A ∧ E, Γ → Δ


Case 2: ∧: left, ∃: left.

2.1: A ∈ Γ or A does not belong to the top sequent:

    A[B[y/x]/D], Γ → Δ
    -------------------- ∃: left
    A, Γ → Δ
    -------------------- ∧: left
    A ∧ E, Γ → Δ

The variable y is a new variable occurring only above A[B[y/x]/D], Γ → Δ. The permutation is achieved by performing the substitution of B[y/x] for D in A ∧ E, yielding A[B[y/x]/D] ∧ E. The inference is legitimate since, y being a variable that only occurs above A[B[y/x]/D], Γ → Δ in the previous proof tree, y does not occur free in A, E, Γ and Δ. The permutation is achieved as follows:

    A[B[y/x]/D], Γ → Δ
    ------------------------ ∧: left
    A[B[y/x]/D] ∧ E, Γ → Δ
    ------------------------ ∃: left
    A ∧ E, Γ → Δ

2.2: A ∉ Γ and A occurs in the top sequent.

    A, A[B[y/x]/D], Γ → Δ
    ----------------------- ∃: left
    A, Γ → Δ
    ----------------------- ∧: left
    A ∧ E, Γ → Δ

The permutation is performed as follows:

    A, A[B[y/x]/D], Γ → Δ
    --------------------------------- ∧: left
    A ∧ E, A[B[y/x]/D], Γ → Δ
    --------------------------------- ∧: left
    A ∧ E, A[B[y/x]/D] ∧ E, Γ → Δ
    --------------------------------- ∃: left
    A ∧ E, Γ → Δ


Case 3: ∧: right, ∀: right.

3.1: A ∈ Δ or A does not occur in the top sequent:

    Γ → Δ, A[B[y/x]/C]
    -------------------- ∀: right
    Γ → Δ, A                     Γ → Δ, E
    -------------------------------------- ∧: right
              Γ → Δ, A ∧ E

The variable y is new and occurs only above Γ → Δ, A[B[y/x]/C]. The permutation is achieved as follows:

    Γ → Δ, A[B[y/x]/C]           Γ → Δ, E
    -------------------------------------- ∧: right
    Γ → Δ, A[B[y/x]/C] ∧ E
    ------------------------ ∀: right
    Γ → Δ, A ∧ E

The application of the ∀: right is legal because y does not occur free in Γ → Δ, A ∧ E, since in the previous proof it occurs only above Γ → Δ, A[B[y/x]/C].

3.2: A ∉ Δ and A occurs in the top sequent.

    Γ → Δ, A, A[B[y/x]/C]
    ----------------------- ∀: right
    Γ → Δ, A                     Γ → Δ, E
    -------------------------------------- ∧: right
              Γ → Δ, A ∧ E

The permutation is performed as follows:

                               Γ → Δ, E
                               (weakening)                          Γ → Δ, E
    Γ → Δ, A, A[B[y/x]/C]      Γ → Δ, A[B[y/x]/C], E                (weakening)
    ------------------------------------------------- ∧: right      Γ → Δ, E, A ∧ E
    Γ → Δ, A[B[y/x]/C], A ∧ E
    ------------------------------------------------------------------------------- ∧: right
                        Γ → Δ, A[B[y/x]/C] ∧ E, A ∧ E
                        ------------------------------ ∀: right
                        Γ → Δ, A ∧ E
Case 4: ∧: right, ∃: right.

4.1: A ∈ Δ or A does not occur in the top sequent:

    Γ → Δ, A[B[t/x]/D]
    -------------------- ∃: right
    Γ → Δ, A                     Γ → Δ, E
    -------------------------------------- ∧: right
              Γ → Δ, A ∧ E

The permutation is achieved as follows:

    Γ → Δ, A[B[t/x]/D]           Γ → Δ, E
    -------------------------------------- ∧: right
    Γ → Δ, A[B[t/x]/D] ∧ E
    ------------------------ ∃: right
    Γ → Δ, A ∧ E

4.2: A ∉ Δ and A occurs in the top sequent.

    Γ → Δ, A, A[B[t/x]/D]
    ----------------------- ∃: right
    Γ → Δ, A                     Γ → Δ, E
    -------------------------------------- ∧: right
              Γ → Δ, A ∧ E

The permutation is achieved as follows:

                               Γ → Δ, E
                               (weakening)                          Γ → Δ, E
    Γ → Δ, A, A[B[t/x]/D]      Γ → Δ, A[B[t/x]/D], E                (weakening)
    ------------------------------------------------- ∧: right      Γ → Δ, E, A ∧ E
    Γ → Δ, A[B[t/x]/D], A ∧ E
    ------------------------------------------------------------------------------- ∧: right
                        Γ → Δ, A[B[t/x]/D] ∧ E, A ∧ E
                        ------------------------------ ∃: right
                        Γ → Δ, A ∧ E

The other cases are similar and left as an exercise.


We can now prove the following type of normal form theorem for the
systems $G1^{nnf}$ and $G2^{nnf}$.


Theorem 7.4.1 (A sharpened Hauptsatz for $G1^{nnf}$ and $G2^{nnf}$) Given a
sequent $\Gamma \to \Delta$ containing only formulae in NNF, if $\Gamma \to \Delta$ is provable in
$G1^{nnf}$, then there is a cut-free, pure-variable proof in $G2^{nnf}$ that contains a
sequent $\Gamma' \to \Delta'$ (called the midsequent), which has the following properties:

(1) Every formula in $\Gamma' \to \Delta'$ is quantifier free.

(2) Every inference rule above $\Gamma' \to \Delta'$ is either a weakening or propositional
(not a quantifier rule).

(3) Every inference rule below $\Gamma' \to \Delta'$ is a quantifier rule.


Thus, in such a proof in normal form, the midsequent splits the proof 
tree into an upper part that contains the propositional inferences (and weak- 
enings), and a lower part that contains the quantifier inferences. 


Proof: First we apply theorem 6.4.1 to obtain a cut-free $G1^{nnf}$-proof.
Next, we use induction as in theorem 7.3.1. However, there is a new difficulty:
Exchanges involving contractions introduce two propositional rules and some-
times a weakening above a quantifier rule, and a simple induction on $m(T)$
does not work. This difficulty can be resolved as follows. Let us assign the
letter $a$ to a quantifier rule, and the letter $b$ to a propositional rule or a weak-
ening. Consider the set of all strings obtained by tracing the branches of the
proof tree from the root, and concatenating the letters corresponding to the
quantifier and other inferences in the proof tree. The fact that a propositional
inference (or a weakening) occurs below a quantifier inference is indicated by
an occurrence of the substring $ba$. Note that every string obtained is of the
form

$$b^{k_1} a^{m_1} b^{k_2} a^{m_2} \ldots b^{k_s} a^{m_s} b^{k_{s+1}}.$$

By inspection of the exchanges given by lemma 7.4.2, note that a string
$ba$ is replaced either by $ab$ or $abb$ or $abbb$. From this, it is easily seen that $b^m a$
is replaced by some string $a b^k$, where $m \leq k \leq 3m$. Hence, $b a^n$ is replaced
by some string $a^n b^k$, where $1 \leq k \leq 3^n$.

To permute quantifier rules and propositional rules, proceed as follows:
Consider all lowest occurrences of inferences of the form $b^{k_1} a^{m_1}$, and perform
the exchanges using lemma 7.4.2. After this step is completed, each path

$$b^{k_1} a^{m_1} b^{k_2} a^{m_2} \ldots b^{k_s} a^{m_s} b^{k_{s+1}}$$

is now of the form

$$a^{m_1} b^{k'_1} b^{k_2} a^{m_2} \ldots b^{k_s} a^{m_s} b^{k_{s+1}}.$$

Since the number of blocks of the form $b^k a^m$ has decreased, if we repeat
the above process, we will eventually obtain a proof in which all quantifier
inferences are below all propositional inferences and weakenings. When such
a proof is obtained, we pick the premise of the highest quantifier inference.
If this sequent $M$ only contains quantifier-free formulae, it is the midsequent.
Otherwise, since the axioms only contain literals and no quantifier rule is ap-
plied in the part of the proof above the sequent $M$, all quantified subformulae
in $M$ are introduced by weakening. As in the proof of theorem 7.3.1, we can
consider the part of the proof above $M$, and form another proof of the sequent
$M'$ obtained from $M$ by deleting all quantified formulae. It is now possible
(as in theorem 7.3.1) to form a quantifier-free sequent $\Gamma' \to \Delta'$ from $M'$ which
is also provable, from which $M$ is provable by applying the quantifier rules of
$G2^{nnf}$.

Remarks: (i) The theorem deals with the two systems $G1^{nnf}$ and $G2^{nnf}$,
whereas theorem 7.3.1 deals with the single system LK. Theorem 7.4.1 shows
how to convert a $G1^{nnf}$-proof with cut into a cut-free normal $G2^{nnf}$-proof.
This is easier to prove than the extended Hauptsatz for $G2^{nnf}$. Also, this is
sufficient to derive part of Herbrand's theorem for $G1^{nnf}$.


(ii) The resulting proof may have a depth exponential in the size of the 
original proof. 


As an illustration of theorem 7.4.1, consider the following example.


EXAMPLE 7.4.4

The following is a proof of the sequent

$$(P(a) \vee \forall x(Q(x) \vee \forall y R(y))) \to P(a), Q(a), R(f(a)) \wedge R(f(b))$$

which is not in normal form:

    $P(a) \to P(a)$
    ----------------------------------------------------
    $P(a) \to P(a), Q(a)$
    ----------------------------------------------------
    $P(a) \to P(a), Q(a), R(f(a)) \wedge R(f(b))$                   $T_1$
    ---------------------------------------------------------------------------------------
    $(P(a) \vee \forall x(Q(x) \vee \forall y R(y))) \to P(a), Q(a), R(f(a)) \wedge R(f(b))$

where $T_1$ is the tree

    $Q(a) \to Q(a)$
    ----------------------------------------------------
    $Q(a) \to Q(a), R(f(a)) \wedge R(f(b))$                         $T_2$
    ---------------------------------------------------------------------------
    $Q(a) \vee \forall y R(y) \to Q(a), R(f(a)) \wedge R(f(b))$
    ---------------------------------------------------------------------------
    $\forall x(Q(x) \vee \forall y R(y)) \to Q(a), R(f(a)) \wedge R(f(b))$
    ---------------------------------------------------------------------------
    $\forall x(Q(x) \vee \forall y R(y)) \to P(a), Q(a), R(f(a)) \wedge R(f(b))$

and $T_2$ is the tree

    $R(f(a)) \to R(f(a))$           $R(f(b)) \to R(f(b))$
    ----------------------------    ----------------------------
    $\forall y R(y) \to R(f(a))$    $\forall y R(y) \to R(f(b))$
    ------------------------------------------------------------
    $\forall y R(y) \to R(f(a)) \wedge R(f(b))$
    ------------------------------------------------------------
    $\forall y R(y) \to Q(a), R(f(a)) \wedge R(f(b))$

The proof below is in normal form:

                              propositional part
    -----------------------------------------------------------------------------------
    $P(a) \vee (Q(a) \vee R(f(a))), P(a) \vee (Q(a) \vee R(f(b))) \to \Delta$
    -----------------------------------------------------------------------------------
    $P(a) \vee (Q(a) \vee \forall y R(y)), P(a) \vee (Q(a) \vee R(f(a))) \to \Delta$
    -----------------------------------------------------------------------------------
    $P(a) \vee (Q(a) \vee \forall y R(y)) \to P(a), Q(a), R(f(a)) \wedge R(f(b))$
    -----------------------------------------------------------------------------------
    $(P(a) \vee \forall x(Q(x) \vee \forall y R(y))) \to P(a), Q(a), R(f(a)) \wedge R(f(b))$

where $\Delta = P(a), Q(a), R(f(a)) \wedge R(f(b))$. The midsequent is

$$P(a) \vee (Q(a) \vee R(f(a))), P(a) \vee (Q(a) \vee R(f(b))) \to P(a), Q(a), R(f(a)) \wedge R(f(b)),$$

which is equivalent to

$$(P(a) \vee Q(a)) \vee (R(f(a)) \wedge R(f(b))) \to P(a), Q(a), R(f(a)) \wedge R(f(b)).$$


We now consider the case of languages with equality. 


7.4.4 The Gentzen System $G2^{nnf}_e$

The system $G2^{nnf}_e$ has the following axioms and inference rules.

Definition 7.4.4 The system $G2^{nnf}_e$ is obtained from $G1^{nnf}_e$ by adding the
quantifier rules of definition 7.4.3 and the weakening rules. It is easy to see
that $G2^{nnf}_e$ is sound.

The following version of lemma 7.4.2 holds for $G2^{nnf}_e$.

Lemma 7.4.3 For every pure-variable proof $T$ in $G2^{nnf}_e$ without essential
cuts, the following holds: Every quantifier rule of $G2^{nnf}_e$ can be permuted
with a propositional rule, an inessential cut, or a weakening.

Proof: The case not handled in lemma 7.4.2 is an exchange with an
inessential cut. This is handled as in lemma 7.3.3.

7.4.5 A Gentzen-like Sharpened Hauptsatz for $G2^{nnf}_e$

We also have the following sharpened Hauptsatz for $G2^{nnf}_e$.


Theorem 7.4.2 (A sharpened Hauptsatz for $G1^{nnf}_e$ and $G2^{nnf}_e$) Given a
sequent $\Gamma \to \Delta$ containing only formulae in NNF, if $\Gamma \to \Delta$ is provable in
$G1^{nnf}_e$, then there is a pure-variable proof in $G2^{nnf}_e$ without essential cuts that
contains a sequent $\Gamma' \to \Delta'$ (called the midsequent), which has the following
properties:

(1) Every formula in $\Gamma' \to \Delta'$ is quantifier free.

(2) Every inference rule above $\Gamma' \to \Delta'$ is either a weakening, a propo-
sitional rule, or an inessential cut (but not a quantifier rule).

(3) Every inference rule below $\Gamma' \to \Delta'$ is a quantifier rule.

Proof: The proof is essentially identical to that of theorem 7.4.1, but
using lemma 7.4.3 instead of lemma 7.4.2. The details are left as an exercise.

We shall see in Section 7.6 how theorems 7.4.1 and 7.4.2 can be used to
yield Andrews's version of the Skolem-Herbrand-Gödel theorem (See Andrews,
1981), and also half of a version of Herbrand's original theorem.


PROBLEMS

7.4.1. Finish the proof of lemma 7.4.1.

7.4.2. Finish the proof of the cases left out in the proof of lemma 7.4.2.

7.4.3. Prove that lemmas 7.3.1 and 7.3.2 extend to the system $G2^{nnf}$.

7.4.4. Fill in the details in the proof of theorem 7.4.1.

7.4.5. Fill in the details in the proof of lemma 7.4.3.

7.4.6. Fill in the details in the proof of theorem 7.4.2.

7.4.7. Give a proof in normal form for the sequent

$$\forall x(P(x) \vee \forall y Q(y, f(x))) \wedge (\neg P(a) \wedge (\neg Q(a, f(a)) \vee \neg Q(b, f(a)))) \to .$$

7.4.8. It is tempting to formulate the $\forall$:left rule so that a formula of the
form $\forall x A$ can be instantiated to the formula $A[t_1/x] \wedge \ldots \wedge A[t_k/x]$,
for any $k$ terms $t_1, \ldots, t_k$ free for $x$ in $A$, and never apply contractions.
However, this does not work. Indeed, the resulting system is not
complete. Consider the following sequent provided by Dale Miller:

$$\forall x \exists y(\neg P(x) \wedge P(y)) \to .$$

The following is a proof of the above sequent using contractions:

    $P(u) \to \neg P(x), P(u), P(v)$
    ----------------------------------------------------------------------------------------
    $\neg P(x), P(u), \neg P(u), P(v) \to$
    ----------------------------------------------------------------------------------------
    $\neg P(x), P(u), (\neg P(u) \wedge P(v)) \to$
    ----------------------------------------------------------------------------------------
    $(\neg P(x) \wedge P(u)), (\neg P(u) \wedge P(v)) \to$
    ----------------------------------------------------------------------------------------
    $(\neg P(x) \wedge P(u)), \exists y(\neg P(u) \wedge P(y)) \to$
    ----------------------------------------------------------------------------------------
    $(\neg P(x) \wedge P(u)), \forall x \exists y(\neg P(x) \wedge P(y)) \to$
    ----------------------------------------------------------------------------------------
    $\exists y(\neg P(x) \wedge P(y)), \forall x \exists y(\neg P(x) \wedge P(y)) \to$
    ----------------------------------------------------------------------------------------
    $\forall x \exists y(\neg P(x) \wedge P(y)), \forall x \exists y(\neg P(x) \wedge P(y)) \to$
    ----------------------------------------------------------------------------------------
    $\forall x \exists y(\neg P(x) \wedge P(y)) \to$

Show that a derivation involving no contractions cannot lead to a
proof tree, due to the eigenvariable restriction.


7.5 Herbrand’s Theorem for Prenex Formulae 
In this section, we shall derive a constructive version of Herbrand’s theorem 
from Gentzen’s Hauptsatz, using a method inspired by Kleene (Kleene, 1967). 


In presenting Herbrand’s theorem, it is convenient to assume that we 
are dealing with sentences. 


7.5.1 Preliminaries 


The following lemma shows that there is no loss of generality in doing so. 
Lemma 7.5.1 Let $A$ be a rectified formula, and let $FV(A) = \{y_1, \ldots, y_n\}$
be its set of free variables. The sequent $\to A$ is (LK or $LK_e$) provable if and
only if the sequent $\to \forall y_1 \ldots \forall y_n A$ is provable.


Proof: We proceed by induction on the number of free variables. The
induction step consists in showing that if $A$ is a rectified formula and has a
single free variable $x$, then $\to A$ is provable iff $\to \forall x A$ is provable.

We can appeal to the completeness theorem and show that $A$ is valid iff
$\forall x A$ is valid, which is straightforward. We can also give the following proof
using the pure-variable lemma 7.3.1 and lemma 6.5.1.

Assume that $\to A$ is provable. Since $A$ is rectified, the variable $x$ is not
free in $\forall x A$, and the following inference is valid.

    $\to A[x/x]$
    ------------------
    $\to \forall x A$

By putting the proof of $A = A[x/x]$ on top of this inference, we have a
proof for $\forall x A$.

Conversely, assume that $\forall x A$ is provable. There is a minor problem,
which is that the eigenvariable $z$ used in the lowest inference in the proof of
$\forall x A$ is not necessarily $x$, even though $z$ is not free in $\forall x A$. However, by lemma
7.3.1, there is a pure-variable proof of $\forall x A$ in which all eigenvariables are new
and distinct. Hence, the variable $x$ does not occur in the part of the proof
above $\to A[z/x]$. Using lemma 6.5.1, we can substitute $x$ for all occurrences
of $z$ in this part of the proof, and we get a proof of $A$.


We will also use the following fact which is easily shown: Given a sequent
$A_1, \ldots, A_m \to B_1, \ldots, B_n$,

$$A_1, \ldots, A_m \to B_1, \ldots, B_n$$

is provable if and only if

$$\to \neg A_1 \vee \ldots \vee \neg A_m \vee B_1 \vee \ldots \vee B_n$$

is provable. Using this fact and lemma 7.5.1, a sequent consisting of formulae
is provable if and only if a sentence is provable.

Hence, we will assume without loss of generality that the sequent $\to \Gamma$ to be
proved does not have sentences on the left of $\to$, that the sentences occurring
on the righthand side of $\to$ are all distinct, and that they are rectified.


The main idea of Herbrand's theorem is to encode (with some inessential
loss of information) the steps of the proof in which the $\forall$:right rule is applied.
For this, some new function symbols called Herbrand functions or Skolem
functions are introduced.
7.5.2 Skolem Function and Constant Symbols


Skolem symbols are defined as follows. 


Definition 7.5.1 For every prenex formula $A = Q_n x_n \ldots Q_1 x_1 B$ occurring
in a sequent $\to \Gamma$, for every occurrence $Q_i$ of a universal quantifier in $A$:

(i) If $i < n$ and $m_i > 0$, where $m_i$ is the number of existential quanti-
fiers in the string $Q_n \ldots Q_{i+1}$, a new function symbol $f_i^A$ having a number of
arguments equal to $m_i$ is created.

(ii) If $m_i = 0$ or $i = n$, the constant symbol $f_i^A$ is created.

Such symbols are called Skolem function symbols and Skolem constant
symbols (for short, Skolem functions).


The essence of Herbrand's theorem can be illustrated using example
7.3.4.

EXAMPLE 7.5.1

For the sequent of example 7.3.4, the unary function symbol $f$ is associ-
ated with $\forall$ in $\exists x \forall y \neg P(x, y)$, the unary function symbol $g$ is associated
with $\forall$ in $\exists y_1 \forall z \neg Q(y_1, z)$, and the constant $a$ with $\forall$ in $\forall x_1 \exists y_2 \exists z_1 (P(x_1,
y_2) \wedge Q(y_2, z_1))$.

Now, we shall perform alterations to the proof in example 7.3.4. Moving
up from the bottom sequent, instead of performing the $\forall$:right rules, we
are going to perform certain substitutions. For the instance of $\forall$:right
applied to

$$\forall x_1 \exists y_2 \exists z_1 (P(x_1, y_2) \wedge Q(y_2, z_1)),$$

substitute the Skolem constant $a$ for all occurrences of $x_1$ in the proof;
for the instance of $\forall$:right applied to

$$\forall y \neg P(a, y),$$

substitute $f(a)$ for all occurrences of $y$ in the proof; for the instance of
$\forall$:right applied to

$$\forall z \neg Q(f(a), z),$$

substitute $g(f(a))$ for all occurrences of $z$ in the proof. Note that the
resulting tree is no longer a legal proof tree because the applications of
the $\forall$:right rules have been spoiled. However, the part of the proof from
the new midsequent up is still a valid proof involving only propositional
(and structural) rules (extending our original language with the symbols
$a$, $f$, $g$).


The following definition will be useful for stating Herbrand's theorem.

Definition 7.5.2 Given a prenex sequent $\to \Gamma$, the functional form of $\to
\Gamma$ is obtained as follows: For each prenex formula $A = Q_n x_n \ldots Q_1 x_1 B$ in
$\to \Gamma$, for each occurrence of a variable $x_i$ bound by an occurrence $Q_i$ of a
universal quantifier, the term $f_i^A(y_1, \ldots, y_m)$ is substituted for $x_i$ in $B$ and
$Q_i x_i$ is deleted from $A$, where $f_i^A$ is the Skolem function symbol associated
with $Q_i$, and $y_1, \ldots, y_m$ is the list of variables (in that order) bound by the
existential quantifiers occurring in the string $Q_n \ldots Q_{i+1}$ (if $m = 0$ or $i = n$,
$f_i^A$ is a constant symbol).


EXAMPLE 7.5.2

Again, referring to example 7.3.4, the sequent

$$\to \exists x \neg P(x, f(x)), \exists y_1 \neg Q(y_1, g(y_1)), \exists y_2 \exists z_1 (P(a, y_2) \wedge Q(y_2, z_1))$$

is the functional form of our original sequent. Note that the provable
sequent

$$\to \neg P(a, f(a)), \neg Q(f(a), g(f(a))), P(a, f(a)) \wedge Q(f(a), g(f(a)))$$

is obtained from the functional form of the original sequent by deleting
quantifiers and substituting the terms $a$, $f(a)$, $f(a)$ and $g(f(a))$ for $x$,
$y_1$, $y_2$, and $z_1$ respectively. Example 7.5.2 illustrates part of Herbrand's
theorem.


Informal statement of Herbrand's theorem: If a prenex sequent $\to \Gamma$ is
provable, then a disjunction of quantifier-free formulae constructible from $\Gamma$
is provable. Furthermore, this disjunction of quantifier-free formulae consists
of formulae obtained by substituting ground terms (built up from the original
language extended with Skolem functions) for the bound variables of the sen-
tences occurring in the functional form of the original sequent. The converse
is also true, as we shall see shortly.

The key observation used in showing the converse of the above statement
is to notice that the terms $a$, $f(a)$, $g(f(a))$ record the order in which the
$\forall$:right rules were applied in the original proof. The more nested the symbol,
the earlier the rule was applied.


Warning: Many authors introduce Skolem function symbols to eliminate
existential quantifiers, and not universal quantifiers as we do. This may seem
confusing to readers who have seen this other definition of Skolem function
symbols. However, there is nothing wrong with our approach. The reason the
dual definition is also used (eliminating existential quantifiers using Skolem
function symbols), as in the resolution method, is that the dual approach
consists in showing that a formula $A$ is valid by showing that $B = \neg A$ is
unsatisfiable. This is equivalent to showing that the sequent $B \to$ is valid, or
equivalently that $\to \neg B$ (that is $\to A$) is valid. Since in the dual approach,
the existential quantifiers in $B$ are Skolemized, in $\neg B = A$, the universal
quantifiers are Skolemized. Since our approach consists in showing directly
that $A$ is valid, and not that $\neg A$ is unsatisfiable, we have defined Skolem
function symbols for that purpose, and this is why they are used to eliminate
universal quantifiers. What we have defined in definition 7.5.2 is often called
in the literature the validity functional form, the dual form for eliminating
existential quantifiers being called the satisfiability functional form (Herbrand,
1971). To avoid confusion, we shall call the first (the validity functional form)
simply the functional form, and the second (the satisfiability functional form)
the Skolem normal form (see definition 7.6.2).


7.5.3 Substitutions 


Before stating and proving Herbrand’s theorem, we need to define substitution 
functions. 


Definition 7.5.3 A substitution function (for short, a substitution) is any
function

$$\sigma : V \to TERM_L,$$

assigning terms to the variables in $V$. By theorem 2.4.1, there is a unique
homomorphism

$$\hat{\sigma} : TERM_L \to TERM_L$$

extending $\sigma$ and defined recursively as follows:

For every variable $x \in V$, $\hat{\sigma}(x) = \sigma(x)$.

For every constant $c$, $\hat{\sigma}(c) = c$.

For every term $f t_1 \ldots t_n \in TERM_L$,

$$\hat{\sigma}(f t_1 \ldots t_n) = f \hat{\sigma}(t_1) \ldots \hat{\sigma}(t_n).$$

By abuse of language and notation, the function $\hat{\sigma}$ will also be called a
substitution, and will often be denoted by $\sigma$.

The subset $X$ of $V$ consisting of the variables such that $\sigma(x) \neq x$ is
called the support of the substitution. In what follows, we will be dealing
with substitutions of finite support. If a substitution $\sigma$ has finite support
$\{y_1, \ldots, y_n\}$ and $\sigma(y_i) = s_i$, for $i = 1, \ldots, n$, for any term $t$, $\hat{\sigma}(t)$ is also denoted
by $t[s_1/y_1, \ldots, s_n/y_n]$.

Substitutions can be extended to formulae as follows. Let $A$ be a for-
mula, and let $\sigma$ be a substitution with finite support $\{x_1, \ldots, x_n\}$. Assume
that the variables in $\{x_1, \ldots, x_n\}$ are free in $A$ and do not occur bound in $A$,
and that each $s_i$ ($s_i = \sigma(x_i)$) is free for $x_i$ in $A$. The substitution instance
$A[s_1/x_1, \ldots, s_n/x_n]$ is defined recursively as follows:

If $A$ is an atomic formula of the form $P t_1 \ldots t_m$, then

$$A[s_1/x_1, \ldots, s_n/x_n] = P t_1[s_1/x_1, \ldots, s_n/x_n] \ldots t_m[s_1/x_1, \ldots, s_n/x_n].$$

If $A$ is an atomic formula of the form $(t_1 = t_2)$, then

$$A[s_1/x_1, \ldots, s_n/x_n] = (t_1[s_1/x_1, \ldots, s_n/x_n] = t_2[s_1/x_1, \ldots, s_n/x_n]).$$

If $A = \bot$, then

$$A[s_1/x_1, \ldots, s_n/x_n] = \bot.$$

If $A = \neg B$, then

$$A[s_1/x_1, \ldots, s_n/x_n] = \neg B[s_1/x_1, \ldots, s_n/x_n].$$

If $A = (B * C)$, where $* \in \{\vee, \wedge, \supset, \equiv\}$, then

$$A[s_1/x_1, \ldots, s_n/x_n] = (B[s_1/x_1, \ldots, s_n/x_n] * C[s_1/x_1, \ldots, s_n/x_n]).$$

If $A = \forall y B$ (where $y \notin \{x_1, \ldots, x_n\}$), then

$$A[s_1/x_1, \ldots, s_n/x_n] = \forall y B[s_1/x_1, \ldots, s_n/x_n].$$

If $A = \exists y B$ (where $y \notin \{x_1, \ldots, x_n\}$), then

$$A[s_1/x_1, \ldots, s_n/x_n] = \exists y B[s_1/x_1, \ldots, s_n/x_n].$$


Remark: $A[s_1/x_1][s_2/x_2] \ldots [s_n/x_n]$, the result of substituting $s_1$ for $x_1$,
$\ldots$, $s_n$ for $x_n$ (as defined in definition 5.2.6) in that order, is usually different
from $A[s_1/x_1, \ldots, s_n/x_n]$. This is because the terms $s_1, \ldots, s_n$ may contain some
of the variables in $\{x_1, \ldots, x_n\}$. However, if none of the variables in the support
of the substitution $\sigma$ occurs in the terms $s_1, \ldots, s_n$, it is easy to see that the
order in which the substitutions are performed is irrelevant, and in this case,

$$A[s_1/x_1][s_2/x_2] \ldots [s_n/x_n] = A[s_1/x_1, \ldots, s_n/x_n].$$

In particular, this is the case when $\sigma$ is a ground substitution, that is, when
the terms $s_1, \ldots, s_n$ do not contain variables.


Given a formula $A$ and a substitution $\sigma$ as above, the pair $(A, \sigma)$ is called
a substitution pair. The substitution instance defined by $A$ and $\sigma$ as above
is also denoted by $\sigma(A)$. Notice that distinct substitution pairs can yield the
same substitution instance.
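As an added worked example (it is not code from the book), the following Python implements the substitution homomorphism of definition 7.5.3, both simultaneous and one variable at a time, the remark on when the two agree, and the functional form of definition 7.5.2, checked on the sentences of example 7.5.2; the term and formula encodings are assumptions of this example.

```python
# Added example (not code from the book): definition 7.5.3 (a substitution as
# the homomorphism on terms, extended to formulae), the remark that sequential
# substitution A[s1/x1][s2/x2] may differ from simultaneous A[s1/x1, s2/x2],
# and the validity functional form of definition 7.5.2.  Encodings (this
# example's own assumptions):
#   term    : a variable is a str; a compound term is (symbol, (args...)),
#             a constant being a compound term with no arguments, e.g. ("a", ())
#   formula : ("atom", P, (terms...)), ("eq", t1, t2), ("bot",), ("not", A),
#             ("and"|"or"|"imp"|"iff", A, B), ("forall", x, A), ("exists", x, A)
#   prenex  : (prefix, matrix), prefix a list of ("forall"|"exists", variable)
#             pairs with the outermost quantifier Q_n x_n first


def subst_term(t, sigma):
    """The homomorphism extending sigma: V -> TERM_L to all terms."""
    if isinstance(t, str):                   # a variable
        return sigma.get(t, t)               # outside the support it is fixed
    sym, args = t                            # f t1...tn  ->  f s(t1)...s(tn)
    return (sym, tuple(subst_term(a, sigma) for a in args))


def subst(A, sigma):
    """Simultaneous substitution instance A[s1/x1, ..., sn/xn]."""
    kind = A[0]
    if kind == "atom":
        return ("atom", A[1], tuple(subst_term(t, sigma) for t in A[2]))
    if kind == "eq":
        return ("eq", subst_term(A[1], sigma), subst_term(A[2], sigma))
    if kind == "bot":
        return A
    if kind == "not":
        return ("not", subst(A[1], sigma))
    if kind in ("and", "or", "imp", "iff"):
        return (kind, subst(A[1], sigma), subst(A[2], sigma))
    if kind in ("forall", "exists"):
        # The definition assumes the bound variable y is not in the support;
        # removing y from sigma makes that proviso explicit.
        y = A[1]
        return (kind, y, subst(A[2], {x: s for x, s in sigma.items() if x != y}))
    raise ValueError("unknown formula kind: %r" % (kind,))


def subst_sequential(A, pairs):
    """A[s1/x1][s2/x2]...[sn/xn]: one variable at a time, in the given order."""
    for x, s in pairs:
        A = subst(A, {x: s})
    return A


def functional_form(prefix, matrix, skolem_names):
    """Validity functional form (definition 7.5.2) of Q_n x_n ... Q_1 x_1 matrix.
    Each universally bound x_i is replaced by f(y_1, ..., y_m), the y's being
    the existentially bound variables of the quantifiers outside Q_i, and
    Q_i x_i is dropped from the prefix.  skolem_names hands out the symbols."""
    existential_prefix = []
    outer_existentials = []          # y_1, ..., y_m met so far, in that order
    skolem = {}                      # x_i -> f_i^A(y_1, ..., y_m)
    for q, x in prefix:
        if q == "exists":
            existential_prefix.append((q, x))
            outer_existentials.append(x)
        elif q == "forall":          # m == 0 gives a Skolem constant
            skolem[x] = (next(skolem_names), tuple(outer_existentials))
        else:
            raise ValueError("not a prenex prefix: %r" % (q,))
    # The Skolem terms contain only existentially bound variables, none in the
    # support of `skolem`, so (by the remark) one simultaneous substitution
    # gives the same result as substituting one variable at a time.
    return existential_prefix, subst(matrix, skolem)


def show_term(t):
    """Render a term in the book's notation, e.g. g(f(a))."""
    if isinstance(t, str):
        return t
    sym, args = t
    return sym if not args else "%s(%s)" % (sym, ", ".join(map(show_term, args)))


if __name__ == "__main__":
    # Constructed input: the three sentences of examples 7.3.4 / 7.5.2.
    a = ("a", ())
    s1 = ([("exists", "x"), ("forall", "y")], ("not", ("atom", "P", ("x", "y"))))
    s2 = ([("exists", "y1"), ("forall", "z")], ("not", ("atom", "Q", ("y1", "z"))))
    s3 = ([("forall", "x1"), ("exists", "y2"), ("exists", "z1")],
          ("and", ("atom", "P", ("x1", "y2")), ("atom", "Q", ("y2", "z1"))))
    names = iter(["f", "g", "a"])                 # f, g unary; a a constant
    forms = [functional_form(prefix, B, names) for prefix, B in (s1, s2, s3)]
    for prefix, matrix in forms:
        print(prefix, matrix)
    # The ground instance of example 7.5.2: a, f(a), f(a), g(f(a)) for
    # x, y1, y2, z1; a ground substitution, so order does not matter.
    ground = {"x": a, "y1": ("f", (a,)), "y2": ("f", (a,)), "z1": ("g", (("f", (a,)),))}
    for _, matrix in forms:
        print(subst(matrix, ground))
    # The remark: sequential and simultaneous substitution differ when a
    # substituted term contains a variable of the support (here y, for x).
    A = ("atom", "P", ("x", "y"))
    print(subst(A, {"x": "y", "y": a}), subst_sequential(A, [("x", "y"), ("y", a)]))
```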


A minor technicality has to be taken care of before proving Herbrand's
theorem. If the first-order language does not have any constants, the theorem
fails. For example, the sequent $\to \exists x \exists y (P(x) \vee \neg P(y))$ has a proof whose
midsequent is $\to P(x) \vee \neg P(x)$, but if the language has no constants, we
cannot find a ground substitution instance of $P(x) \vee \neg P(x)$ that is valid. To
avoid this problem, we will assume that if any first-order language $L$ does not
have constants, the special constant $\#$ is added to it.


7.5.4 Herbrand’s Theorem for Prenex Formulae 


Before stating and proving Herbrand's theorem, recall that we can assume
without loss of generality that the sequent $\to \Gamma$ to be proved consists of sen-
tences, does not have sentences on the left of $\to$, that the sentences occurring
on the righthand side of $\to$ are all distinct, and that distinct quantifiers bind
occurrences of distinct variables.


Theorem 7.5.1 (Herbrand's theorem for prenex formulae) Given a sequent
$\to \Gamma$ such that all sentences in $\Gamma$ are prenex, $\to \Gamma$ is provable (in LK or
$LK_e$) if and only if there is some finite sequence $\langle (B_1, \sigma_1), \ldots, (B_n, \sigma_n) \rangle$ of
substitution pairs such that the sequent $\to H$ consisting of the substitution
instances $\sigma_1(B_1), \ldots, \sigma_n(B_n)$ is provable, where each $\sigma_i(B_i)$ is a quantifier-
free substitution instance constructible from the sentences in $\Gamma$ ($H$ is called
a Herbrand disjunction). Furthermore, each quantifier-free formula $\sigma_i(B_i)$ in
the Herbrand disjunction $H$ is a substitution instance $B_i[t_1/x_1, \ldots, t_k/x_k]$ of
a quantifier-free formula $B_i$, matrix of some sentence $\exists x_1 \ldots \exists x_k B_i$ occurring
in the functional form of $\to \Gamma$. The terms $t_1, \ldots, t_k$ are ground terms over
the language consisting of the function and constant symbols in $L$ occurring
in $\to \Gamma$, and the Skolem function (and constant) symbols occurring in the
functional form of $\to \Gamma$.


Proof: Using Gentzen's sharpened Hauptsatz (theorem 7.3.1), we can
assume that we have a pure-variable cut-free proof in LK (proof without
essential cuts in $LK_e$) with midsequent $\to \Gamma'$. We alter this proof in the
following way. Starting with the bottom sequent and moving up, for every
instance of the rule $\forall$:right applied to a formula

$$\forall x_i Q_{i-1} x_{i-1} \ldots Q_1 x_1 B[s_1/y_1, \ldots, s_m/y_m]$$

which has been obtained from a prenex sentence

$$A = Q_n x_n \ldots Q_{i+1} x_{i+1} \forall x_i Q_{i-1} x_{i-1} \ldots Q_1 x_1 C$$

in $\Gamma$, substitute the term

$$f_i^A(s_1, \ldots, s_m)$$

for all occurrences of $x_i$ in the proof (or the Skolem constant $f_i^A$ if $m = 0$), where
$f_i^A$ is the Skolem function symbol associated with $x_i$ in $A$, $y_1, \ldots, y_m$ is the
list of all the variables (all distinct by our hypothesis on proofs) bound by
existential quantifiers in the string $Q_n x_n \ldots Q_{i+1} x_{i+1}$, and $s_1, \ldots, s_m$ is the list
of terms that have been substituted for $y_1, \ldots, y_m$ in previous steps. Since the
only inference rules used below the midsequent are quantifier, contraction or
exchange rules, the resulting midsequent $\to H$ is indeed composed of substi-
tution instances of matrices of sentences occurring in the functional form of
$\to \Gamma$, and since the modified part of the proof above the midsequent is still
a proof, the new midsequent $\to H$ is provable. If the midsequent contains
variables, substitute any constant for all of these variables (by a previous as-
sumption, the language has at least one constant, perhaps the special constant
$\#$).


We now prove the converse of the theorem. We can assume without
loss of generality that the disjuncts are distinct, since if they were not, we
could suppress the duplications and still have a provable disjunct. Let
$\langle (B_1, \sigma_1), \ldots, (B_n, \sigma_n) \rangle$ be a sequence of distinct substitution pairs where
each $B_i$ is the matrix of the functional form of some sentence in $\to \Gamma$, let
$H$ be the corresponding sequence of substitution instances and assume that
$\to H$ is provable. Notice that the conditions assumed before the statement
of theorem 7.5.1 guarantee that every substitution pair $(B, \sigma)$ corresponds to
the unique pair $(Q_n x_n \ldots Q_1 x_1 C, \sigma)$, where $\exists y_1 \ldots \exists y_m B$ is the functional form
of some sentence $Q_n x_n \ldots Q_1 x_1 C$ in $\to \Gamma$, and $\sigma$ is a substitution with support
$\{y_1, \ldots, y_m\}$.


Given the prenex sentence $A = Q_n x_n \ldots Q_1 x_1 C$ in $\to \Gamma$, its functional
form is a sentence of the form

$$\exists y_1 \ldots \exists y_m C[r_1/z_1, \ldots, r_p/z_p]$$

where the union of $\{y_1, \ldots, y_m\}$ and $\{z_1, \ldots, z_p\}$ is $\{x_1, \ldots, x_n\}$, and $\{z_1, \ldots, z_p\}$
is the set of variables which are universally quantified in $A$. Each term $r_i$ is
rooted with a Skolem function symbol $f_j^A$. Consider the set $HT$ composed
of all terms of the form

$$r_i[s_1/y_1, \ldots, s_m/y_m]$$

occurring in the Herbrand disjunction $\to H$, where $r_i$ is a Skolem term asso-
ciated with an occurrence of a universal quantifier in some prenex sentence $A$
in $\Gamma$, and $s_1, \ldots, s_m$ are the terms defining the substitution $\sigma$ involved in the
substitution pair $(C[r_1/z_1, \ldots, r_p/z_p], \sigma)$.

We define a partial order on the set $HT$ as follows: For every term in
$HT$ of the form $f_i^A(t_1, \ldots, t_m)$, every subterm of $t_j$ in $HT$ (possibly $t_j$ itself,
$1 \leq j \leq m$) precedes $f_i^A(t_1, \ldots, t_m)$;

Every term in $HT$ rooted with $f_i^A$ precedes any term in $HT$ rooted with
$f_j^A$, $i > j$.

In order to reconstruct a proof, we will have to eliminate the Skolem
symbols and perform $\forall$:right rules with new variables. For this, we set up
a bijection $v$ between the set $HT$ and a set of new variables not occurring
in $\Gamma$. For every term $t$ occurring in the Herbrand disjunction $H$ (not only
terms in $HT$), let $\overline{t}$ be the result of substituting the variable $v(s)$ for every
maximal subterm $s \in HT$ of $t$ (a maximal subterm in $HT$ of $t$ is a subterm
of $t$ in $HT$ which is not a proper subterm of any other subterm in $HT$ of $t$).
Let $\langle (B'_1, \sigma'_1), \ldots, (B'_n, \sigma'_n) \rangle$ be the list of substitution pairs obtained from
$\langle (B_1, \sigma_1), \ldots, (B_n, \sigma_n) \rangle$ by replacing each term $f_j^{A_i}(y_1, \ldots, y_m)$ occurring in
$B_i$ (where $A_i$ is the sentence in $\Gamma$ whose functional form is $\exists y_1 \ldots \exists y_m B_i$) by
$v(\sigma_i(f_j^{A_i}(y_1, \ldots, y_m)))$, and each term $s$ involved in defining the substitution $\sigma_i$
by $\overline{s}$ ($B'_i$ is actually a substitution instance of the matrix of a prenex formula
in $\Gamma$, where the substitution is a bijection). Let $\to H'$ be the resulting sequent
of substitution instances.

We are going to show that a deduction of $\to \Gamma$ can be constructed from
$\to H'$ (really $\langle (B'_1, \sigma'_1), \ldots, (B'_n, \sigma'_n) \rangle$) and the partially ordered set $HT$.
First, notice that since $\to H$ is provable in the propositional part of LK
(or $LK_e$), $\to H'$ is also provable since the above substitutions do not affect
inferences used in the proof of $\to H$. The following definition will be needed.


Definition 7.5.4 Given a substitution pair $(A, \sigma)$, where $A$ is a prenex
formula of the form $Q_n x_n \ldots Q_1 x_1 C$ ($n \geq 1$) occurring in the sequent $\to \Gamma$ and
$\sigma$ is a substitution with support the subset of variables in $\{x_1, \ldots, x_n\}$ bound
by existential quantifiers, the $\sigma$-matrix of the functional form of $A$ up to $i$
($0 \leq i \leq n$) is defined inductively as follows:

For $i = 0$, the $\sigma$-matrix of the functional form of $A$ up to 0 is the substitu-
tion instance of $C$ obtained by substituting the new variable $v(\sigma(f_i^A(y_1, \ldots, y_m)))$
for $x_i$ in $C$, for each occurrence of a variable $x_i$ bound by a universal quan-
tifier in $A$.

For $0 \leq i \leq n - 1$:

(i) If $Q_{i+1} = \exists$ and if the $\sigma$-matrix of the functional form of $A$ up to
$i$ is $B$, the $\sigma$-matrix of the functional form of $A$ up to $i + 1$ is $\exists x_{i+1} B$;

(ii) If $Q_{i+1} = \forall$, if the $\sigma$-matrix of the functional form of $A$ up to $i$ is
$B[v(\sigma(f_{i+1}^A(y_1, \ldots, y_m)))/x_{i+1}]$, where the set of variables bound by existential
quantifiers in $Q_n x_n \ldots Q_{i+2} x_{i+2}$ is $\{y_1, \ldots, y_m\}$, the $\sigma$-matrix of the functional
form of $A$ up to $i + 1$ is $\forall x_{i+1} B$.

Note that the $\sigma$-matrix of the functional form of $A$ up to $n$ is $A$ itself.


Next, we define inductively a sequence $\Pi$ of lists of substitution pairs
$\langle (B_1, \sigma_1), \ldots, (B_p, \sigma_p) \rangle$, such that the tree of sequents $\to \sigma_1(B_1), \ldots, \sigma_p(B_p)$
is a deduction of $\to \Gamma$ from $\to H'$. During the construction of $\Pi$, terms
will be deleted from $HT$, eventually emptying it. Each $B_j$ in a pair $(B_j, \sigma_j)$
is the $\sigma$-matrix of the functional form up to some $i$ of some sentence $A =
Q_n x_n \ldots Q_i x_i \ldots Q_1 x_1 C$ in $\to \Gamma$, where $\sigma$ is one of the original substitutions in
the list $\langle (B'_1, \sigma'_1), \ldots, (B'_n, \sigma'_n) \rangle$. Each $\sigma_j$ is a substitution whose support is
the set of variables in $\{x_n, \ldots, x_{i+1}\}$ which are bound by existential quantifiers
in $A$.

The first element of $\Pi$ is

$$\langle (B'_1, \sigma'_1), \ldots, (B'_n, \sigma'_n) \rangle.$$
If the last element of the list $\Pi$ constructed so far is $\langle (B_1, \sigma_1), \ldots, (B_p, \sigma_p) \rangle$
and the corresponding sequent of substitution instances is $\to \Delta$, the next list
of substitution pairs is determined as follows:

If $\Delta$ differs from $\Gamma$ and no formula $B_j$ for some pair $(B_j, \sigma_j)$ in the list
$\langle (B_1, \sigma_1), \ldots, (B_p, \sigma_p) \rangle$ is the $\sigma$-matrix of the functional form up to $i$ of
some sentence

$$A = Q_n x_n \ldots \exists x_{i+1} Q_i x_i \ldots Q_1 x_1 C$$

occurring in $\to \Gamma$, select the leftmost formula

$$B_j = Q_i x_i \ldots Q_1 x_1 B[v(f_{i+1}^A(s_1, \ldots, s_m))/x_{i+1}]$$

which is the $\sigma$-matrix of the functional form up to $i$ of some sentence

$$A = Q_n x_n \ldots \forall x_{i+1} Q_i x_i \ldots Q_1 x_1 C$$

in $\to \Gamma$, and for which the variable $v(f_{i+1}^A(s_1, \ldots, s_m))$ corresponds to a maxi-
mal term in (the current) $HT$. Then, apply the $\forall$:right rule to $v(f_{i+1}^A(s_1, \ldots,
s_m))$, obtaining the sequent $\to \Delta'$ in which

$$\sigma_j(\forall x_{i+1} Q_i x_i \ldots Q_1 x_1 B)$$

replaces

$$\sigma_j(Q_i x_i \ldots Q_1 x_1 B[v(f_{i+1}^A(s_1, \ldots, s_m))/x_{i+1}]).$$

At the end of this step, delete $f_{i+1}^A(s_1, \ldots, s_m)$ from $HT$, and perform con-
tractions (and exchanges) if possible. The new list of substitution pairs is
obtained by first replacing

$$(B_j, \sigma_j)$$

by

$$(\forall x_{i+1} Q_i x_i \ldots Q_1 x_1 B, \sigma_j),$$

and performing the contractions and exchanges specified above.


Otherwise, there is a formula

$$B_j = Q_i x_i \ldots Q_1 x_1 B$$

which is the $\sigma$-matrix of the functional form up to $i$ of some sentence

$$A = Q_n x_n \ldots \exists x_{i+1} Q_i x_i \ldots Q_1 x_1 C$$

in $\to \Gamma$. Then, apply the $\exists$:right rule to the leftmost substitution instance
$\sigma_j(B_j)$ in $\to \Delta$ of such a formula. The conclusion of this inference is the sequent
$\to \Delta'$ in which

$$\sigma'_j(\exists x_{i+1} Q_i x_i \ldots Q_1 x_1 B)$$

replaces

$$\sigma_j(Q_i x_i \ldots Q_1 x_1 B),$$

where $\sigma'_j$ is the restriction of the substitution $\sigma_j$ obtained by eliminating $x_{i+1}$
from the support of $\sigma_j$ (hence, $\sigma'_j(x_{i+1}) = x_{i+1}$). The pair

$$(\exists x_{i+1} Q_i x_i \ldots Q_1 x_1 B, \sigma'_j)$$

replaces the pair

$$(B_j, \sigma_j)$$

in the list of substitution pairs. After this step, perform contractions (and
exchanges) if possible. Note that in this step, no term is deleted from $HT$.


Repeat this process until a list of substitution pairs $\langle (B_1, \sigma_1), \ldots, (B_p,
\sigma_p) \rangle$ is obtained, such that every substitution $\sigma_j$ has empty support and
$\to B_1, \ldots, B_p$ is the sequent $\to \Gamma$.

We claim that $\Pi$ defines a deduction of $\to \Gamma$ from $\to H'$. First, it is easy
to see that the sequence $\Pi$ ends with the sequent $\to \Gamma$, since we started with
substitution instances of matrices of functional forms of sentences in $\to \Gamma$,
and since every step brings some formula in $\Delta$ "closer" to the corresponding
formula in $\Gamma$. We leave the details as an exercise.


To show that the eigenvariable condition is satisfied for every application 
of the V: right rule, we show the following claim by induction on the number 
of V: right steps in II. 


Claim: Just before any application of a V : right rule, the set of terms 
of the form fA(s1,...,5m) such that v(fA(s1, ...,$m)) occurs (free) in A is the 
current set HT, and for every maximal term fA(s1,..., 8m) € HT, the variable 
v(fA(s1,-.-;8m)) occurs free in at most one formula in A of the form 


Qi-1%4-1-.-Q141Blu(fA(si, seey 8m))/xi]- 


Proof of claim: Just before the first $\forall$: right step, since all the formulae 
in $\to \Delta$ are of the form $\exists x_{i-1}\ldots\exists x_1 B$, and since the formulae in $\to H$ are 
substitution instances of matrices of sentences occurring in the functional 
form of $\to \Gamma$, it is clear that the set of terms of the form $f_A(s_1,\ldots,s_m)$ such 
that $v(f_A(s_1,\ldots,s_m))$ occurs in $\to \Delta$ is the initial set $HT$. Since a term 
$f_A(s_1,\ldots,s_m)$ is maximal in $HT$ if and only if it corresponds to the rightmost 
occurrence of a universal quantifier in $A$, $v(f_A(s_1,\ldots,s_m))$ occurs free at most 
in a single formula 


$$\exists x_{i-1}\ldots\exists x_1\,B[v(f_A(s_1,\ldots,s_m))/x_i]$$


(substitution instance of the o-matrix of the functional form up to $i-1$ of the 
sentence $A = Q_nx_n\ldots\forall x_i\exists x_{i-1}\ldots\exists x_1C$ in $\to \Gamma$). Next, assuming the induction 
hypothesis, let $\to \Delta_1$ be the sequent and $HT_1$ the set of terms just before 
an application of a $\forall$: right step, and $\to \Delta_2$ be the sequent and $HT_2$ the 
set of terms just before the next $\forall$: right step. Since the maximal term 
$f_A(s_1,\ldots,s_m)$ is deleted from $HT_1$ during the $\forall$: right step applied to $\to \Delta_1$, 
and since the following steps until the next $\forall$: right step are $\exists$: right rules 
which do not affect $HT_1 - \{f_A(s_1,\ldots,s_m)\}$, 


$$HT_2 = HT_1 - \{f_A(s_1,\ldots,s_m)\}.$$


Since a term $f_A(s_1,\ldots,s_m)$ is maximal in $HT_2$ if and only if it corresponds 
to the rightmost occurrence of a universal quantifier in the prefix $Q_nx_n\ldots Q_{i+1}x_{i+1}\forall x_i$ of the formula 


$$A = Q_nx_n\ldots Q_{i+1}x_{i+1}\forall x_iQ_{i-1}x_{i-1}\ldots Q_1x_1C$$


in $\to \Gamma$, it must correspond to $\forall x_i$. If the variable $v(f_A(s_1,\ldots,s_m))$ oc- 
curs free in some other formula in $\to \Delta_2$, since $R_j = \forall$, 
$v(f_A(s_1,\ldots,s_m))$ occurs within a term of the form $f_{A'}(s'_1,\ldots,s'_l)$, contradict- 
ing the maximality of $f_A(s_1,\ldots,s_m)$, since $f_{A'}(s'_1,\ldots,s'_l)$ is also in $HT_2$ (as 
a result of the induction hypothesis). Therefore, $v(f_A(s_1,\ldots,s_m))$ may only 
occur free in the formula 


$$Q_{i-1}x_{i-1}\ldots Q_1x_1\,B[v(f_A(s_1,\ldots,s_m))/x_i]$$


in $\to \Delta_2$, substitution instance of the o-matrix of the functional form up to 
$i-1$ of the formula 


$$A = Q_nx_n\ldots\forall x_iQ_{i-1}x_{i-1}\ldots Q_1x_1C$$


in $\to \Gamma$. Hence, the eigenvariable condition is satisfied. In a $\exists$: step, since 
the variables occurring in the term $s$ are distinct from the variables occurring 
bound in the formulae in $\Gamma$, the term $s$ is free for $x_i$ in the substitution, and 
the inference is valid. Hence, $\Pi$ yields a deduction of $\to \Gamma$ from $\to H'$, which 
can be extended to a proof of $\to \Gamma$ from axioms, since $\to H'$ is provable. This 
concludes the proof of Herbrand's theorem. 


The method for reconstructing a proof from a list of substitution pairs 
is illustrated in the following example. 


EXAMPLE 7.5.3 
Consider the sequent $\to \Gamma$ given by: 


$$\to \exists x\forall y\neg P(x,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \forall x_1\exists y_2\exists z_1(P(x_1,y_2)\wedge Q(y_2,z_1)),$$


whose functional form is: 


$$\to \exists x\neg P(x,f(x)),\ \exists y_1\neg Q(y_1,g(y_1)),\ \exists y_2\exists z_1(P(a,y_2)\wedge Q(y_2,z_1)).$$
The provable sequent $\to H$ given by 


$$\to \neg P(a,f(a)),\ \neg Q(f(a),g(f(a))),\ P(a,f(a))\wedge Q(f(a),g(f(a)))$$


is obtained from the functional form of the original sequent by deleting 
quantifiers and substituting the terms $a$, $f(a)$, $f(a)$ and $g(f(a))$ for $x$, 
$y_1$, $y_2$, and $z_1$, respectively. We have $HT = \{a, f(a), g(f(a))\}$, with the 
ordering $a < f(a)$, $a < g(f(a))$, $f(a) < g(f(a))$. 
Define the bijection $v'$ such that $v'(g(f(a))) = u$, $v'(f(a)) = v$ and 
$v'(a) = w$. The result of replacing in $\to H$ the maximal terms in $HT$ 
by the variables given by $v'$ is the sequent $\to H'$ given by 


$$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u).$$


The formula $P(w,v)\wedge Q(v,u)$ is the o-matrix of the functional form up 
to 0 of the formula $\forall w\exists v\exists u(P(w,v)\wedge Q(v,u))$. Hence we have a $\exists$: right 
step. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 


Similarly, $\exists z_1(P(w,v)\wedge Q(v,z_1))$ is the o-matrix of the functional form 
up to 1 of $\forall w\exists v\exists z_1(P(w,v)\wedge Q(v,z_1))$. Hence, we have another $\exists$: right 
step. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 


Now, only a $\forall$: right step can be applied. According to the algorithm, 
we apply it to the leftmost formula for which the variable $v'(t)$ cor- 
responds to a maximal term $t \in HT$. This must be $\neg Q(v,u)$, since 
$v'(g(f(a))) = u$ and $g(f(a))$ is the largest element of $HT$. We also delete 
$g(f(a))$ from $HT$. 


Note that it would be wrong to apply the $\forall$: right rule to any of the 
other formulae, since both $w$ and $v$ would occur free in the conclusion 
of that inference. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \forall z\neg Q(v,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
Now, we can apply a $\exists$: right step to $\forall z\neg Q(v,z)$. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \forall z\neg Q(v,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 


At this point, a $\forall$: right step is the only possibility. Since the next 
largest term in $HT = \{a, f(a)\}$ is $f(a)$, we apply it to $\neg P(w,v)$. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \forall z\neg Q(v,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \forall y\neg P(w,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 


We can now apply a $\exists$: right step to $\forall y\neg P(w,y)$. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \forall z\neg Q(v,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \forall y\neg P(w,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \exists x\forall y\neg P(x,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 


Finally, since $HT = \{a\}$ and only a $\forall$: right step is possible, a $\forall$: right 
step is applied to $\exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$. 


$\to \neg P(w,v),\ \neg Q(v,u),\ P(w,v)\wedge Q(v,u)$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists z_1(P(w,v)\wedge Q(v,z_1))$ 
$\to \neg P(w,v),\ \neg Q(v,u),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \forall z\neg Q(v,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \neg P(w,v),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \forall y\neg P(w,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \exists x\forall y\neg P(x,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \exists y_2\exists z_1(P(w,y_2)\wedge Q(y_2,z_1))$ 
$\to \exists x\forall y\neg P(x,y),\ \exists y_1\forall z\neg Q(y_1,z),\ \forall x_1\exists y_2\exists z_1(P(x_1,y_2)\wedge Q(y_2,z_1))$ 


This last derivation is a deduction of $\to \Gamma$ from $\to H'$. Observe that 
this proof is identical to the proof of example 7.3.4. 


Remarks: (1) The difference between first-order logic without equality 
and first-order logic with equality noted in the paragraph following the proof of 
theorem 5.6.1 shows up again in Herbrand’s theorem. For a language without 
equality, in view of the second corollary to theorem 5.5.1, the hard part in 
finding a proof is to find appropriate substitutions yielding a valid Herbrand 
disjunction. Indeed, as soon as such a quantifier-free formula is obtained, 
there is an algorithm for deciding whether it is provable (or valid). However, 
in view of the remark following the corollary, Church’s theorem implies that 
there is no algorithm for finding these appropriate substitutions. 


For languages with equality, the situation is worse! Indeed, even if we 
can find appropriate substitutions yielding a quantifier-free formula, we are 
still facing the problem of finding an algorithm for deciding the provability (or 
validity) of quantifier-free formulae if equality is present. As we mentioned 
in Chapter 5, there is such an algorithm presented in Chapter 10, but it is 
nontrivial. Hence, it appears that automatic theorem proving in the presence 
of equality is harder than automatic theorem proving without equality. This 
phenomenon will show up again in the resolution method. 


(2) Note that the last part of the proof of theorem 7.5.1 provides an 
algorithm for constructing a proof of $\to \Gamma$ from the Herbrand disjunction $H$ 
(really, the list of substitution pairs) and its proof. Similarly, the first part of 
the proof provides an algorithm for constructing a Herbrand disjunction and 
its proof, from a proof satisfying the conditions of Gentzen's sharpened Haupt- 
satz. Actually, since the proof of the sharpened Hauptsatz from Gentzen's cut 
elimination theorem is entirely constructive, a Herbrand disjunction and its 
proof can be constructed from a pure-variable, cut-free proof. The only step 
that has not been justified constructively in our presentation is the fact that a 
provable sequent has a cut-free proof. This is because even though the search 
procedure yields a cut-free proof of a provable sequent, the correctness and 
termination of the search procedure for provable sequents is established by 
semantic means involving a nonconstructive step: the existence of the possibly 
infinite counter-example tree (considering the case where the sequent is fal- 
sifiable). However, Gentzen gave a completely constructive (syntactic) proof 
of the cut elimination theorem, and so, the version of Herbrand's theorem 
given in this section is actually entirely constructive, as is Herbrand's original 
version (Herbrand, 1971). See also lemma 7.6.2. 


As mentioned at the beginning of this chapter, there is a theorem similar 
in form to Herbrand's theorem and known as the Skolem-Herbrand-Gödel 
theorem. Since a version of that theorem will be proved in Section 7.6, we 
postpone a discussion of the relationship between the two theorems to the end 
of Section 7.6. 


PROBLEMS 


7.5.1. Prove the following fact: Given a sequent $A_1,\ldots,A_m \to B_1,\ldots,B_n$, 
$A_1,\ldots,A_m \to B_1,\ldots,B_n$ is provable (in LK) if and only if $\to \neg A_1\vee 
\ldots\vee\neg A_m\vee B_1\vee\ldots\vee B_n$ is provable (in LK). 

7.5.2. The method given in Section 7.2 for converting a formula to prenex 
form used in conjunction with the Skolemization method of Section 
7.5 tends to create Skolem functions with more arguments than nec- 
essary. 


(a) Prove that the following method for Skolemizing is correct: 


Step 1: Eliminate redundant quantifiers; that is, quantifiers $\forall x$ or $\exists x$ 
such that the input formula contains a subformula of the form $\forall xB$ 
or $\exists xB$ in which $x$ does not occur in $B$. 


Step 2: Rectify the formula. 

Step 3: Eliminate the connectives $\supset$ and $\equiv$. 

Step 4: Convert to NNF. 

Step 5: Push quantifiers to the right. By this, we mean: Replace 


$\exists x(A \vee B)$ by $A \vee \exists xB$ if $x$ is not free in $A$, or by $\exists xA \vee B$ if $x$ is not free in $B$; 
$\forall x(A \vee B)$ by $A \vee \forall xB$ if $x$ is not free in $A$, or by $\forall xA \vee B$ if $x$ is not free in $B$; 
$\exists x(A \wedge B)$ by $A \wedge \exists xB$ if $x$ is not free in $A$, or by $\exists xA \wedge B$ if $x$ is not free in $B$; 
$\forall x(A \wedge B)$ by $A \wedge \forall xB$ if $x$ is not free in $A$, or by $\forall xA \wedge B$ if $x$ is not free in $B$. 


Step 6: Eliminate universal quantifiers using Skolem function and 
constant symbols. 
Step 7: Move existential quantifiers to the left, using the inverse of 
the transformation of step 5. 


(b) Compare the first method and the method of this problem for the 
formula 


$$\forall x_2\exists y_1\forall x_1\exists y_2(P(x_1,y_1)\wedge Q(x_2,y_2)).$$


Note: Step 5 is the step that reduces the number of arguments of 
Skolem functions. 


Prove that the following formulae are valid using Herbrand's theorem: 


$\neg(\exists x\forall yP(x,y)\wedge\forall y\exists x\neg P(y,x))$ 
$(\neg(\forall xP(x)\vee\exists y\neg Q(y))\vee(\forall zP(z)\vee\exists w\neg Q(w)))$ 
$(\neg\forall x(P(x)\vee\exists y\neg Q(y))\vee(\forall zP(z)\vee\exists w\neg Q(w)))$ 


Give an example in which $A[s_1/x_1][s_2/x_2]\ldots[s_n/x_n]$, the result of sub- 
stituting $s_1$ for $x_1$, ..., $s_n$ for $x_n$ (as defined in definition 5.2.6) in that 
order, is different from $A[s_1/x_1,\ldots,s_n/x_n]$. 


Show that if none of the variables in the support of the substitution 
$\sigma$ occurs in the terms $s_1,\ldots,s_n$, the order in which the substitutions 
are performed is irrelevant, and in this case, 


$$A[s_1/x_1][s_2/x_2]\ldots[s_n/x_n] = A[s_1/x_1,\ldots,s_n/x_n].$$


Fill in the missing details in the proof of theorem 7.5.1. 


Consider the following formula given by 


$$\neg\exists y\forall z(P(z,y)\equiv\neg\exists x(P(z,x)\wedge P(x,z))).$$


(a) Prove that the above formula is equivalent to the following prenex 
formula $A$: 


$$\forall y\exists z\forall u\exists x[(P(z,y)\wedge P(z,x)\wedge P(x,z))\vee(\neg P(z,y)\wedge(\neg P(z,u)\vee\neg P(u,z)))].$$


(b) Show that $A$ can be Skolemized to the formula 


$$B = \exists z\exists x[(P(z,a)\wedge P(z,x)\wedge P(x,z))\vee(\neg P(z,a)\wedge(\neg P(z,f(z))\vee\neg P(f(z),z)))],$$


and that the formula $C$ given by 


$$[(P(a,a)\wedge P(a,f(a))\wedge P(f(a),a))\vee(\neg P(a,a)\wedge(\neg P(a,f(a))\vee\neg P(f(a),a)))]$$
is valid. 


(c) Using the method of theorem 7.5.1, reconstruct a proof of $A$ from 
the valid Herbrand disjunction $C$. 


7.5.7. Consider a first-order language without equality. Show that Her- 
brand's theorem provides an algorithm for deciding the validity of 
prenex sentences of the form 


$$\forall x_1\ldots\forall x_m\exists y_1\ldots\exists y_nB.$$


7.5.8. Write a computer program implementing the method given in the 
proof of theorem 7.5.1 for reconstructing a proof from a Herbrand 
disjunction. 


7.6 Skolem-Herbrand-Gödel's Theorem for Formulae in NNF 


In this section, we shall state a version of the Skolem-Herbrand-Gödel theorem 
for unsatisfiability as opposed to validity. 


7.6.1 Skolem-Herbrand-Gödel's Theorem in Unsatisfiability Form 


Using the results of Section 7.4, we shall derive a version of the Herbrand- 
Skolem-Gödel theorem for formulae in NNF due to Andrews (Andrews, 1981). 
Actually, we shall prove more. We shall also give half of a version of Her- 
brand's theorem for sentences in NNF, the part which states that if a sequent 
$A \to$ is provable, then a quantifier-free formula $C$ whose negation $\neg C$ is 
provable can be effectively constructed. 


We believe that it is possible to give a constructive Herbrand-like ver- 
sion of this theorem similar to theorem 7.5.1, but the technical details of the 
proof of the converse of the theorem appear to be very involved. Hence we 
shall use a mixed strategy: Part of the proof will be obtained constructively 
from theorem 7.4.1, the other part by a semantic argument showing that a 
sentence is satisfiable iff its Skolem form is satisfiable. This last result is 
also interesting in its own right, and can be used to prove other results, such 
as the compactness theorem, and the Löwenheim-Skolem theorem (see the 
problems). 


Since a formula $A$ is valid iff $\neg A$ is unsatisfiable, any unsatisfiability 
version of the Skolem-Herbrand-Gödel theorem yields a validity version of the 
theorem, and vice versa. Since one of the most important applications of the 
Skolem-Herbrand-Gödel theorem is the completeness of refutation-oriented 
procedures such as the resolution method (to be presented in Chapter 8) and 
the method of matings (Andrews, 1981), it will be useful for the reader to see 
a treatment of this theorem for unsatisfiability. 


As discussed in Section 7.5, since our goal is now to prove that a formula 
$A$ is valid by showing that $\neg A$ is unsatisfiable, we are going to use the dual of 
the method used in Section 7.5, that is, eliminate existential quantifiers using 
Skolem functions. However, it is not quite as simple to define the conversion 
of a formula in NNF to Skolem normal form (satisfiability functional form) as 
it is to convert a formula in prenex form into (validity) functional form. We 
present an example first. 


EXAMPLE 7.6.1 
Consider the formula 


$$A = \exists x((P(x)\vee\exists yR(x,y))\supset(\exists zR(x,z)\vee P(x))).$$


The NNF of its negation is 


$$B = \forall x((P(x)\vee\exists yR(x,y))\wedge(\forall z\neg R(x,z)\wedge\neg P(x))).$$


The following is a $G2^{nnf}$ proof in normal form of the sequent $B \to$ (the 
two leaves are shown on the first line, the conclusion on the last): 


$P(a),\ \neg P(a) \to$        $R(a,y),\ \neg R(a,y) \to$ 
$P(a),\ \neg R(a,y),\ \neg P(a) \to$        $R(a,y),\ \neg R(a,y),\ \neg P(a) \to$ 
$(P(a)\vee R(a,y)),\ \neg R(a,y),\ \neg P(a) \to$ 
$(P(a)\vee R(a,y)),\ (\neg R(a,y)\wedge\neg P(a)) \to$ 
$(P(a)\vee R(a,y))\wedge(\neg R(a,y)\wedge\neg P(a)) \to$ 
$(P(a)\vee R(a,y))\wedge(\forall z\neg R(a,z)\wedge\neg P(a)) \to$ 
$(P(a)\vee\exists yR(a,y))\wedge(\forall z\neg R(a,z)\wedge\neg P(a)) \to$ 
$\forall x((P(x)\vee\exists yR(x,y))\wedge(\forall z\neg R(x,z)\wedge\neg P(x))) \to$ 


(In order to shorten the proof, the $\wedge$: left rule of $G$ was used rather 
than the $\wedge$: left rule of $G2^{nnf}$. We leave it as an exercise to make the 
necessary alterations to obtain a pure $G2^{nnf}$-proof.) The midsequent is 


$$(P(a)\vee R(a,y))\wedge(\neg R(a,y)\wedge\neg P(a)) \to.$$


The existential quantifier can be eliminated by introducing the unary 
Skolem function symbol $f$, and we have the following sequent: 


$$(*)\quad \forall x((P(x)\vee R(x,f(x)))\wedge(\forall z\neg R(x,z)\wedge\neg P(x))) \to$$
If in the above proof we replace all occurrences of the eigenvariable $y$ by 
$f(a)$, we obtain a proof of the sequent $(*)$ whose midsequent is: 


$$(P(a)\vee R(a,f(a)))\wedge(\neg R(a,f(a))\wedge\neg P(a)) \to$$


This illustrates the Skolem-Herbrand-Gödel theorem stated in unsatis- 
fiability form: A formula $B$ is unsatisfiable iff some special kind of quantifier- 
free substitution instance of $B$ is unsatisfiable. 


Such instances are called compound instances by Andrews (Andrews, 
1981). We shall now define precisely all the concepts mentioned in the above 
example. 


7.6.2 Skolem Normal Form 


We begin with the notion of universal scope of a subformula. 


Definition 7.6.1 Given a (rectified) formula $A$ in NNF, the set $US(A)$ of 
pairs $\langle B,L\rangle$ where $B$ is a subformula of $A$ and $L$ is a sequence of variables 
is defined inductively as follows: 


$$US_0 = \{\langle A,\langle\rangle\rangle\};$$
$$US_{k+1} = US_k \cup \{\langle C,L\rangle,\langle D,L\rangle \mid \langle B,L\rangle \in US_k,\ B \text{ is of the form } (C\wedge D) \text{ or } (C\vee D)\}$$
$$\qquad\cup\ \{\langle C,L\rangle \mid \langle\exists xC,L\rangle \in US_k\}$$
$$\qquad\cup\ \{\langle C,\langle y_1,\ldots,y_m,x\rangle\rangle \mid \langle\forall xC,\langle y_1,\ldots,y_m\rangle\rangle \in US_k\}.$$


For every subformula $B$ of $A$, the sequence $L$ of variables such that 
$\langle B,L\rangle$ belongs to $US(A) = \bigcup US_k$ is the universal scope of $B$. 


In the process of introducing Skolem symbols to eliminate existential 
quantifiers, we shall consider the subset of $US$ consisting of all the pairs 
$\langle\exists xB,L\rangle$, where $\exists xB$ is a subformula of $A$. 


EXAMPLE 7.6.2 
Let 


$$A = \forall x(P(x)\vee\exists y(Q(y)\wedge\forall z(P(y,z)\vee\exists uQ(x,u))))\vee\exists wQ(a,w).$$


$\langle\exists y(Q(y)\wedge\forall z(P(y,z)\vee\exists uQ(x,u))),\langle x\rangle\rangle$, 
$\langle\exists uQ(x,u),\langle x,z\rangle\rangle$ and 
$\langle\exists wQ(a,w),\langle\rangle\rangle$ 
define the universal scope of the subformulae of $A$ of the form $\exists xB$. We 
now define the process of Skolemization. 


Definition 7.6.2 Given a rectified sentence $A$, the Skolem form $SK(A)$ 
of $A$ (or Skolem normal form) is defined recursively as follows using the set 
$US(A)$. Let $A'$ be any subformula of $A$: 


(i) If $A'$ is either an atomic formula $B$ or the negation $\neg B$ of an atomic 
formula $B$, then 
$$SK(A') = A'.$$


(ii) If $A'$ is of the form $(B * C)$, where $* \in \{\vee,\wedge\}$, then 
$$SK(A') = (SK(B) * SK(C)).$$
(iii) If $A'$ is of the form $\forall xB$, then 


$$SK(A') = \forall xSK(B).$$


(iv) If $A'$ is of the form $\exists xB$, then if $\langle y_1,\ldots,y_m\rangle$ is the universal scope 
of $\exists xB$ (that is, the sequence of variables such that $\langle\exists xB,\langle y_1,\ldots,y_m\rangle\rangle \in 
US(A)$) then 


(a) If $m > 0$, create a new Skolem function symbol $f_{A'}$ of rank $m$ and 
let 
$$SK(A') = SK(B[f_{A'}(y_1,\ldots,y_m)/x]).$$


(b) If $m = 0$, create a new Skolem constant symbol $f_{A'}$ and let 


$$SK(A') = SK(B[f_{A'}/x]).$$


Observe that since the sentence $A$ is rectified, all subformulae $A'$ are 
distinct, and since the Skolem symbols are indexed by the subformulae $A'$, 
they are also distinct. 


EXAMPLE 7.6.3 
Let 


$$A = \forall x(P(x)\vee\exists y(Q(y)\wedge\forall z(P(y,z)\vee\exists uQ(x,u))))\vee\exists wQ(a,w),$$


as in example 7.6.2. 


$SK(\exists wQ(a,w)) = Q(a,c)$, 
$SK(\exists uQ(x,u)) = Q(x,f(x,z))$, 
$SK(\exists y(Q(y)\wedge\forall z(P(y,z)\vee\exists uQ(x,u)))) = (Q(g(x))\wedge\forall z(P(g(x),z)\vee Q(x,f(x,z))))$, and 
$SK(A) = \forall x(P(x)\vee(Q(g(x))\wedge\forall z(P(g(x),z)\vee Q(x,f(x,z)))))\vee Q(a,c)$. 
The symbol $c$ is a Skolem constant symbol, $g$ is a unary Skolem function 
symbol, and $f$ is a binary Skolem function symbol. 
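As an added illustration (not part of the book), the following Python code implements the universal scope of Definition 7.6.1 and the Skolemization of Definition 7.6.2 on formulas represented as nested tuples, and reproduces the Skolem form of example 7.6.3; the tuple representation, the function names and the `names` argument fixing the symbols c, g and f are this example's own conventions, not part of the definitions.

```python
"""Universal scope (Definition 7.6.1) and Skolem normal form (Definition 7.6.2)
of a rectified sentence in NNF.  Formulas and terms are nested tuples (this
representation and the function names are the example's own):
  ('var', x)  ('fn', f, args)  ('atom', P, args)  ('not', A)
  ('and', A, B)  ('or', A, B)  ('forall', x, A)  ('exists', x, A)
A constant is a function symbol with no arguments, e.g. ('fn', 'a', ())."""

def var(x):
    return ('var', x)

def fn(f, *args):
    return ('fn', f, tuple(args))

def atom(p, *args):
    return ('atom', p, tuple(args))

def universal_scopes(A):
    """US(A): map each subformula B of A to its universal scope, the sequence
    of variables bound by the universal quantifiers enclosing B, outermost
    first (the empty sequence for A itself)."""
    us = {}

    def walk(B, L):
        us[B] = L
        tag = B[0]
        if tag in ('and', 'or'):
            walk(B[1], L)
            walk(B[2], L)
        elif tag == 'exists':            # an existential adds nothing to L
            walk(B[2], L)
        elif tag == 'forall':            # a universal appends its variable
            walk(B[2], L + (B[1],))

    walk(A, ())
    return us

def substitute(F, x, t):
    """F[t/x]: replace the free occurrences of the variable x in the formula
    or term F by the term t.  A is rectified, so no capture can occur."""
    tag = F[0]
    if tag == 'var':
        return t if F[1] == x else F
    if tag in ('fn', 'atom'):
        return (tag, F[1], tuple(substitute(s, x, t) for s in F[2]))
    if tag == 'not':
        return ('not', substitute(F[1], x, t))
    if tag in ('and', 'or'):
        return (tag, substitute(F[1], x, t), substitute(F[2], x, t))
    return (tag, F[1], substitute(F[2], x, t))        # 'forall' / 'exists'

def skolemize(A, names=None):
    """SK(A) of Definition 7.6.2.  Skolem symbols are indexed by the existential
    subformula they eliminate; since A is rectified, the bound variable
    identifies that subformula, so `names` may fix the symbol per variable
    (default 'sk_' + variable)."""
    names = names or {}
    # Universal scope of each existential subformula, keyed by its bound
    # variable: the substitutions made on the way down rewrite the
    # subformulas, so the subformulas themselves cannot serve as keys.
    scope_of = {B[1]: L for B, L in universal_scopes(A).items()
                if B[0] == 'exists'}

    def sk(F):
        tag = F[0]
        if tag in ('atom', 'not'):                    # (i)   literals
            return F
        if tag in ('and', 'or'):                      # (ii)  connectives
            return (tag, sk(F[1]), sk(F[2]))
        if tag == 'forall':                           # (iii) universals stay
            return ('forall', F[1], sk(F[2]))
        x, B = F[1], F[2]                             # (iv)  F is ∃xB
        ys = scope_of[x]
        # Skolem function of rank len(ys); a constant when the scope is empty
        skolem_term = fn(names.get(x, 'sk_' + x), *(var(y) for y in ys))
        return sk(substitute(B, x, skolem_term))

    return sk(A)

# The sentence of examples 7.6.2 and 7.6.3:
#   ∀x(P(x) ∨ ∃y(Q(y) ∧ ∀z(P(y,z) ∨ ∃uQ(x,u)))) ∨ ∃wQ(a,w)
x, y, z, u, w = (var(v) for v in 'xyzuw')
a = fn('a')
EXAMPLE_7_6_3 = (
    'or',
    ('forall', 'x',
     ('or', atom('P', x),
      ('exists', 'y',
       ('and', atom('Q', y),
        ('forall', 'z',
         ('or', atom('P', y, z), ('exists', 'u', atom('Q', x, u)))))))),
    ('exists', 'w', atom('Q', a, w)))
# Symbols as chosen in example 7.6.3: c for ∃w, g for ∃y, f for ∃u.
SKOLEM_NAMES = {'y': 'g', 'u': 'f', 'w': 'c'}
# Expected: ∀x(P(x) ∨ (Q(g(x)) ∧ ∀z(P(g(x),z) ∨ Q(x,f(x,z))))) ∨ Q(a,c)
SK_7_6_3 = skolemize(EXAMPLE_7_6_3, SKOLEM_NAMES)
```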


7.6.3 Compound Instances 


At the end of example 7.6.1, we mentioned that the midsequent of a proof in 
normal form of a sequent $B \to$ where $B$ is in Skolem normal form consists 
of certain formulae called compound instances. The formal definition is given 
below. 


Definition 7.6.3 Let $A$ be a rectified sentence and let $B$ be its Skolem form. 
The set of compound instances (for short, c-instances) of $B$ is defined induc- 
tively as follows: 


(i) If $B$ is either an atomic formula $C$ or the negation $\neg C$ of an atomic 
formula, then $B$ is its only c-instance; 


(ii) If $B$ is of the form $(C * D)$, where $* \in \{\vee,\wedge\}$, for any c-instance $H$ 
of $C$ and c-instance $K$ of $D$, $(H * K)$ is a c-instance of $B$; 

(iii) If $B$ is of the form $\forall xC$, for any $k$ closed terms $t_1,\ldots,t_k$, if $H_i$ is a 
c-instance of $C[t_i/x]$ for $i = 1,\ldots,k$, then $H_1\wedge\ldots\wedge H_k$ is a c-instance of $B$. 


EXAMPLE 7.6.4 
Let 


$$B = \forall x(P(x)\vee\forall yQ(y,f(x)))\wedge(\neg P(a)\wedge(\neg Q(a,f(a))\vee\neg Q(b,f(a)))).$$


Then, 


$$(P(a)\vee(Q(a,f(a))\wedge Q(b,f(a))))\wedge(\neg P(a)\wedge(\neg Q(a,f(a))\vee\neg Q(b,f(a))))$$
is a c-instance of $B$. 
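As an added example (not part of the book), the following Python code decides whether a quantifier-free formula is a c-instance of a Skolem form according to Definition 7.6.3, recovering the closed terms $t_1,\ldots,t_k$ chosen at each universal quantifier by matching, and checks the c-instance of example 7.6.4; the tuple representation and the function names are this example's own.

```python
"""Compound instances (Definition 7.6.3) of a sentence B in Skolem normal form.
Formulas and terms are nested tuples (this representation and the function
names are the example's own):
  ('var', x)  ('fn', f, args)  ('atom', P, args)  ('not', A)
  ('and', A, B)  ('or', A, B)  ('forall', x, A)
is_c_instance(H, B) decides whether the quantifier-free H is a c-instance of
B; the closed terms t_1, ..., t_k chosen at each ∀ are recovered by matching."""

def var(x):
    return ('var', x)

def fn(f, *args):
    return ('fn', f, tuple(args))

def atom(p, *args):
    return ('atom', p, tuple(args))

def match_term(pat, t, env):
    """Match the term pat (which may contain variables) against the closed
    term t under the binding env (variable -> closed term).  Returns the
    extended binding, or None when they do not match."""
    if t[0] != 'fn':                     # c-instances use closed terms only
        return None
    if pat[0] == 'var':
        if pat[1] in env:
            return env if env[pat[1]] == t else None
        return {**env, pat[1]: t}
    if pat[1] != t[1] or len(pat[2]) != len(t[2]):
        return None
    for p, s in zip(pat[2], t[2]):
        env = match_term(p, s, env)
        if env is None:
            return None
    return env

def match_literal(pat, lit, env):
    """Case (i): a literal is its own c-instance once the bound variables are
    replaced by the terms recorded in env."""
    if pat[0] == 'not':
        return match_literal(pat[1], lit[1], env) if lit[0] == 'not' else None
    if lit[0] != 'atom' or pat[1] != lit[1] or len(pat[2]) != len(lit[2]):
        return None
    for p, s in zip(pat[2], lit[2]):
        env = match_term(p, s, env)
        if env is None:
            return None
    return env

def c_instance_envs(H, B, env):
    """All bindings of the variables quantified above B under which H is a
    c-instance of B (Definition 7.6.3); the empty list when it is not."""
    tag = B[0]
    if tag in ('atom', 'not'):                                # (i)
        e = match_literal(B, H, env)
        return [e] if e is not None else []
    if tag in ('and', 'or'):                                  # (ii)
        if H[0] != tag:
            return []
        return [e2 for e1 in c_instance_envs(H[1], B[1], env)
                for e2 in c_instance_envs(H[2], B[2], e1)]
    if tag != 'forall':
        raise ValueError('a Skolem form has no existential quantifier')
    x, C = B[1], B[2]                                         # (iii) B is ∀xC
    # k = 1: H is a c-instance of C[t/x]; matching finds t, which is then
    # forgotten so that another conjunct may instantiate x differently.
    envs = [{v: s for v, s in e.items() if v != x}
            for e in c_instance_envs(H, C, env)]
    # k > 1: H = H' ∧ H'' with both halves c-instances of B, which accepts
    # any bracketing of H_1 ∧ ... ∧ H_k.
    if H[0] == 'and':
        envs += [e2 for e1 in c_instance_envs(H[1], B, env)
                 for e2 in c_instance_envs(H[2], B, e1)]
    return envs

def is_c_instance(H, B):
    return bool(c_instance_envs(H, B, {}))

# Example 7.6.4: B = ∀x(P(x) ∨ ∀yQ(y,f(x))) ∧ (¬P(a) ∧ (¬Q(a,f(a)) ∨ ¬Q(b,f(a))))
x, y = var('x'), var('y')
a, b = fn('a'), fn('b')
fa = fn('f', a)
B_7_6_4 = ('and',
           ('forall', 'x', ('or', atom('P', x), ('forall', 'y', atom('Q', y, fn('f', x))))),
           ('and', ('not', atom('P', a)),
            ('or', ('not', atom('Q', a, fa)), ('not', atom('Q', b, fa)))))
# The c-instance given in the example: x := a, then y := a and y := b.
H_7_6_4 = ('and',
           ('or', atom('P', a), ('and', atom('Q', a, fa), atom('Q', b, fa))),
           ('and', ('not', atom('P', a)),
            ('or', ('not', atom('Q', a, fa)), ('not', atom('Q', b, fa)))))
# Replacing Q(b,f(a)) by Q(b,f(b)) breaks the instance: within one conjunct,
# f(x) must use the same closed term as P(x).
H_BAD = ('and',
         ('or', atom('P', a), ('and', atom('Q', a, fa), atom('Q', b, fn('f', b)))),
         H_7_6_4[2])
```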


Note that c-instances are quantifier free. The following lemma shows 
that in a certain sense, c-instances are closed under conjunctions. 


Lemma 7.6.1 Let $A$ be a sentence in NNF and in Skolem normal form. For 
any two c-instances $K$ and $L$ of $A$, a c-instance $D$ such that $D \supset (K\wedge L)$ is 
provable can be constructed. 


Proof: We proceed by induction on $A$. 


(i) If $A$ is either of the form $B$ or $\neg B$ for an atomic formula $B$, then 
$K = L = A$ and we let $D = A$. 


(ii) If $A$ is of the form $(B * C)$, where $* \in \{\vee,\wedge\}$, then $K$ is of the form 
$(B_1 * C_1)$ and $L$ is of the form $(B_2 * C_2)$, where $B_1$ and $B_2$ are c-instances 
of $B$, and $C_1$ and $C_2$ are c-instances of $C$. By the induction hypothesis, 
there are c-instances $D_1$ of $B$ and $D_2$ of $C$ such that $D_1 \supset (B_1\wedge B_2)$ and 
$D_2 \supset (C_1\wedge C_2)$ are provable. But then, $D = (D_1 * D_2)$ is a c-instance of $A$ 
such that $D \supset (K\wedge L)$ is provable. 


(iii) If $A$ is of the form $\forall xC$, then $K$ has the form $H_1\wedge\ldots\wedge H_m$, where 
$H_i$ is a c-instance of $C[s_i/x]$ for $i = 1,\ldots,m$, and $L$ has the form $K_1\wedge\ldots\wedge K_n$, 
where $K_j$ is a c-instance of $C[t_j/x]$ for $j = 1,\ldots,n$. It is clear that $D = K\wedge L$ 
satisfies the lemma. 


We are now ready for the constructive part of Herbrand's theorem. 


7.6.4 Half of a Herbrand-like Theorem for Sentences in NNF 


In the rest of this section, it is assumed that first-order languages have at least 
one constant symbol. This can always be achieved by adjoining the special 
symbol $\#$ as a constant. First, we prove the constructive half of Herbrand's 
theorem announced in the introduction to this section. This part asserts a 
kind of completeness result: If a sequent $A \to$ is provable, then this can 
be demonstrated constructively by providing a (propositional) proof of the 
negation $\neg C$ of a quantifier-free formula $C$ obtained from $A$. 


Lemma 7.6.2 Let $L$ be a first-order language with or without equality. Let 
$A$ be an $L$-sentence in NNF, and let $B$ be its Skolem normal form. If $A \to$ is 
provable (in $G1^{nnf}$ or $G1^{nnf}_{=}$), then a (quantifier-free) c-instance $C$ of $B$ can 
be constructed such that $\neg C$ is provable. 


Proof: From theorems 7.4.1 and 7.4.2, if $A \to$ is provable, it has a proof 
in normal form, in which all quantifier rules are below all propositional rules. 
Let us now perform the following alteration to the proof: 


In a bottom-up fashion, starting from $A \to$, whenever the $\exists$: left rule 
is applied to a subformula $A'$ of the form $\exists xB$ with eigenvariable $z$, if the 
universal scope of $\exists xB$ is $\langle y_1,\ldots,y_m\rangle$ and the terms $t_1,\ldots,t_m$ have been 
substituted for $y_1,\ldots,y_m$ in previous $\forall$: left steps, substitute $f_{A'}(t_1,\ldots,t_m)$ 
for all occurrences of $z$ in the proof. If the midsequent of the resulting tree still 
has variables, substitute any constant for all occurrences of these variables. 


It is not difficult to prove by induction on proof trees that the resulting 
deduction is a proof of the sequent $B \to$, where $B$ is the Skolem form of $A$. 
This is left as an (easy) exercise. 


We can also prove that the midsequent consists of c-instances of $B$. For 
this, we prove the following claim by induction on proof trees: 


Claim: For every proof in normal form of a sequent $\Gamma \to$ consisting of 
Skolem forms of sentences, the formulae in the midsequent are c-instances of 
the sentences in $\Gamma$. 


Proof of claim: We have three cases depending on the sentence $B$ to 
which the quantifier rule is applied. 
The result is trivial if $B$ is either an atomic formula or the negation of 
an atomic formula. 


If $B$ is of the form $(C * D)$, where $* \in \{\wedge,\vee\}$, assume without loss of 
generality that the $\forall$: left rule is applied to $C$. Hence, in the premise of the 
rule, $(C * D)$ is replaced by $(C[F[t/x]/E] * D)$, where $E$ is a maximal sub- 
formula of $C$ of the form $\forall xF$. By the induction hypothesis, the midsequent 
consists of c-instances of $(C[F[t/x]/E] * D)$ and of the other formulae in $\Gamma$. 
However, one can easily show by induction on the formula $C$ that a c-instance 
of $(C[F[t/x]/E] * D)$ is also a c-instance of $(C * D)$. This is left as an exercise 
to the reader. Hence, the result holds. 


If $B$ is of the form $\forall xC$, then in the premise of the rule, $B$ is replaced by 
$C[t/x]$ for some closed term $t$. By the induction hypothesis, the midsequent 
consists of c-instances of $C[t/x]$ and of the other formulae in $\Gamma$. By definition, 
a c-instance of $C[t/x]$ is a c-instance of $B$. Hence, the midsequent consists of 
c-instances of the sentences in $\Gamma$. 


If $C_1,\ldots,C_m$ are the c-instances of $B$ occurring in the midsequent, since 
$C_1,\ldots,C_m \to$ is provable, $\neg(C_1\wedge\ldots\wedge C_m)$ is provable. Applying lemma 
7.6.1 $m-1$ times, a c-instance $C$ of $B$ can be constructed such that $C \supset 
(C_1\wedge\ldots\wedge C_m)$ is provable. But then, $\neg C$ is provable since $\neg(C_1\wedge\ldots\wedge C_m)$ 
is provable. 


Remark: In Andrews, 1981, a semantic proof of lemma 7.6.2 is given for 
languages without equality. Our result applies to languages with equality as 
well, and is constructive, because we are using the full strength of the normal 
form theorems (theorems 7.4.1 and 7.4.2). 


7.6.5 Skolem-Herbrand-Gödel's Theorem (Sentences in NNF) 


In order to prove the converse of the above lemma, we could as in the proof of 
theorem 7.5.1 try to reconstruct a proof from an unsatisfiable c-instance $C$ of 
$B$. This is a rather delicate process whose justification is very tedious, and we 
will follow a less constructive but simpler approach involving semantic argu- 
ments. Hence, instead of proving the converse of the half of Herbrand's theo- 
rem shown in lemma 7.6.2, we shall prove a version of the Skolem-Herbrand- 
Gödel theorem. 


The following fact will be used: 


$(*)$ If the Skolem form $B$ of a sentence $A$ is unsatisfiable then $A$ is 
unsatisfiable. 


Since it is easy to prove that if $C$ is a c-instance of $B$ then $(B \supset C)$ is 
valid, if $C$ is unsatisfiable, then $B$ must be unsatisfiable, and by $(*)$ $A$ is also 
unsatisfiable. 


We shall actually prove not only $(*)$ but also its converse. This is more 
than we need for the part of the proof of the Skolem-Herbrand-Gödel theorem, 
but since this result can be used to give a semantic proof of the Skolem- 
Herbrand-Gödel theorem (see the problems), it is interesting to prove it in 
full. 


Lemma 7.6.3 Let L be a first-order language with or without equality. Let 
A be a rectified L-sentence in NNF, and let B be its Skolem normal form. 
The sentence A is satisfiable iff its Skolem form B is satisfiable. 


Proof: Let $C$ be any subformula of $A$. We will show that the following 
properties hold: 


(a) For every structure $\mathbf{A}$ such that all function, predicate, and constant 
symbols in the Skolem form $SK(C)$ of $C$ receive an interpretation, for every 
assignment $s$, if $\mathbf{A} \models SK(C)[s]$ then $\mathbf{A} \models C[s]$. 


(b) For every structure $\mathbf{A}$ such that exactly all function, predicate, and 
constant symbols in $C$ receive an interpretation, for every assignment $s$ (with 
range $A$), if $\mathbf{A} \models C[s]$ then there is an expansion $\mathbf{B}$ of $\mathbf{A}$ such that $\mathbf{B} \models 
SK(C)[s]$. 


Recall from definition 5.4.6 that if $\mathbf{B}$ is an expansion of $\mathbf{A}$, then $\mathbf{A}$ and 
$\mathbf{B}$ have the same domain, and the interpretation function of $\mathbf{A}$ is a restriction 
of the interpretation function of $\mathbf{B}$. 


The proof proceeds by induction on subformulae of $A$. 


(i) If $C$ is either of the form $D$ or $\neg D$ where $D$ is atomic, $SK(C) = C$ 
and both (a) and (b) are trivial. 


(ii) If $C$ is of the form $(D\wedge E)$, then $SK(C) = (SK(D)\wedge SK(E))$. 


(a) If $\mathbf{A} \models SK(C)[s]$ then $\mathbf{A} \models SK(D)[s]$ and $\mathbf{A} \models SK(E)[s]$. By the 
induction hypothesis, $\mathbf{A} \models D[s]$ and $\mathbf{A} \models E[s]$. But then, $\mathbf{A} \models C[s]$. 


(b) Let $\mathbf{A}$ be a structure such that exactly all function, predicate, and 
constant symbols in $C$ receive an interpretation. Since $\mathbf{A} \models C[s]$, we have 
$\mathbf{A} \models D[s]$ and $\mathbf{A} \models E[s]$. By the induction hypothesis, there are expansions 
$\mathbf{B}_1$ and $\mathbf{B}_2$ of $\mathbf{A}$ such that $\mathbf{B}_1 \models SK(D)[s]$ and $\mathbf{B}_2 \models SK(E)[s]$. Since 
$\mathbf{B}_1$ and $\mathbf{B}_2$ are both expansions of $\mathbf{A}$, their interpretation functions agree on 
all the predicate, function, and constant symbols occurring in both $D$ and 
$E$, and since the sets of Skolem symbols in $D$ and $E$ are disjoint (because 
$A$ is rectified), we can take the union of the two interpretation functions to 
obtain an expansion $\mathbf{B}$ of $\mathbf{A}$ such that $\mathbf{B} \models (SK(D)\wedge SK(E))[s]$, that is, 
$\mathbf{B} \models SK(C)[s]$. 


(iii) $C$ is of the form $(D\vee E)$. This case is similar to case (ii) and is left 
as an exercise. 


(iv) $C$ is of the form $\forall xD$. Then $SK(C) = \forall xSK(D)$. 


(a) If $\mathbf{A} \models SK(C)[s]$, then $\mathbf{A} \models SK(D)[s[x := a]]$ for all $a \in A$. By the 
induction hypothesis, $\mathbf{A} \models D[s[x := a]]$ for all $a \in A$, that is, $\mathbf{A} \models C[s]$. 
(b) If $\mathbf{A} \models C[s]$, then $\mathbf{A} \models D[s[x := a]]$ for all $a \in A$. By the induction 
hypothesis, there is an expansion $\mathbf{B}$ of $\mathbf{A}$ such that for any assignment $s'$, 
if $\mathbf{A} \models D[s']$ then $\mathbf{B} \models SK(D)[s']$. But then, for all $a \in A$, we have $\mathbf{B} \models 
SK(D)[s[x := a]]$, that is, $\mathbf{B} \models SK(C)[s]$. 


(v) $C$ is of the form $\exists xD$. Then $SK(C) = SK(D)[f_C(y_1,\ldots,y_m)/x]$, 
where $\langle y_1,\ldots,y_m\rangle$ is the universal scope of $C$ in $A$, and $f_C$ is the Skolem 
symbol associated with $C$. 


(a) If $\mathbf{A} \models SK(C)[s]$, then by lemma 5.4.1, letting 


$$a = (f_C(y_1,\ldots,y_m))_{\mathbf{A}}[s],$$


we have $\mathbf{A} \models (SK(D)[a/x])[s]$, which by lemma 5.3.1 is equivalent to $\mathbf{A} \models 
(SK(D))[s[x := a]]$. By the induction hypothesis, $\mathbf{A} \models D[s[x := a]]$, that is, 
$\mathbf{A} \models (\exists xD)[s]$. 


(b) Assume that $\mathbf{A} \models C[s]$ for every $s$. Then, for some $a \in A$, $\mathbf{A} \models 
D[s[x := a]]$. By the induction hypothesis, there is an expansion $\mathbf{B}$ of $\mathbf{A}$ such 
that $\mathbf{B} \models (SK(D))[s[x := a]]$. Observe that by the recursive definition of the 
Skolem form of a formula, $FV(SK(D)) = \{x, y_1,\ldots,y_m\}$, where $\langle y_1,\ldots,y_m\rangle$ 
is the universal scope of $C$ in $A$. In order to expand $\mathbf{B}$ to a structure for 
$SK(C)$, we need to interpret $f_C$ in $\mathbf{B}$. For any $(a_1,\ldots,a_m) \in A^m$, let $s$ be any 
assignment such that $s(y_i) = a_i$, for $i = 1,\ldots,m$. By the induction hypothesis, 
there is some $a \in A$ such that 


$$\mathbf{B} \models (SK(D))[s[x := a]].$$


Define the value of $f_C(a_1,\ldots,a_m)$ in $\mathbf{B}$ as any chosen $a \in A$ such that 


$$(*)\quad \mathbf{B} \models (SK(D))[s[x := a]].$$


Since the only free variables in $SK(D)$ are $\{x, y_1,\ldots,y_m\}$, by lemma 5.3.3, this 
definition only depends on the values of $y_1,\ldots,y_m$. Given the interpretation 
for $f_C$ given in $(*)$, for any assignment $s$, for $a = (f_C(y_1,\ldots,y_m))_{\mathbf{B}}[s]$, we have 
$\mathbf{B} \models (SK(D))[s[x := a]]$. By lemma 5.3.1 and lemma 5.4.1, we have 


$$\mathbf{B} \models (SK(D))[s[x := a]] \text{ iff } 
\mathbf{B} \models (SK(D)[a/x])[s] \text{ iff } 
\mathbf{B} \models (SK(D)[f_C(y_1,\ldots,y_m)/x])[s].$$


Hence, $\mathbf{B} \models SK(C)[s]$, as desired. 


We are now ready to prove the following version of the Skolem-Herbrand- 
Gödel theorem extending Andrews's theorem (Andrews, 1981) to first-order 
languages with equality. 
Theorem 7.6.1 (Skolem-Herbrand-Gödel theorem, after Andrews) Let $L$ be 
a first-order language with or without equality. Given any rectified sentence 
$A$, if $B$ is the Skolem form of $A$, then the following holds: 


(a) $A$ is unsatisfiable if and only if some compound instance $C$ of $B$ is 
unsatisfiable. 


(b) Given a ($G1^{nnf}$ or $G1^{nnf}_{=}$) proof of the sequent $A \to$, a compound 
instance $C$ of $B$ such that $\neg C$ is provable can be effectively constructed from 
the proof of $A \to$. 


Proof: Part (b) is lemma 7.6.2. Part (a) is proved as follows. 


If A is unsatisfiable, then —A is valid and by the completeness theorem, 
AA is provable. Hence, A — is provable, and by lemma 7.6.2, a compound 
instance C of B such that =C is provable can be effectively constructed. By 
soundness, 7C is valid, and so C’ is unsatisfiable. 


Conversely, assume that some compound instance C of B is unsatisfiable. 
We prove that for any compound instance C of B, (B D C) is valid. This is 
shown by induction on B. 


If B is either an atomic formula or the negation of an atomic formula, 
C = B and (B D C) is valid. 


If B is of the form (D * E), where *« € {V,A}, then C is of the form 
(K * L) where K is a compound instance of D and L is a compound instance 
of D. By the induction hypothesis, both (D D K) and (£ D L) are valid. 
But then, (D « E) D (K * L) is valid. 


If B is of the form ∀xD, then C is of the form H_1 ∧ ... ∧ H_k, where
H_i is a compound instance of D[t_i/x], for some closed terms t_i, i = 1, ..., k.
By the induction hypothesis, (D[t_i/x] ⊃ H_i) is valid for i = 1, ..., k. But
(∀xD ⊃ D[t/x]) is valid for every closed term t (in fact for every term t free
for x in D), as shown in the proof of lemma 5.4.2. Therefore, (B ⊃ H_i) is
valid for i = 1, ..., k, which implies that (B ⊃ (H_1 ∧ ... ∧ H_k)) is valid.


This concludes the proof that (B ⊃ C) is valid.


Now, since C is unsatisfiable and (B ⊃ C) is valid, B is also unsatisfiable.
By lemma 7.6.3 (part (a)), if A is satisfiable then B is satisfiable. Since B is
unsatisfiable, A must be unsatisfiable.


If the sentence A in NNF is also prenex, observe that a compound in-
stance C of the Skolem form B of A is in fact a conjunction of ground sub-
stitution instances of the matrix of B. Hence, we obtain the following useful
corollary.


Corollary If A is a prenex sentence in NNF, A is unsatisfiable if and only 
if a finite conjunction of ground substitution instances of the matrix of the 
Skolem form B of A is unsatisfiable. 
Remarks: (1) The first remark given at the end of the proof of theorem
7.5.1 regarding the difference between logic without equality and logic with
equality also applies here. There is an algorithm for deciding whether a
c-instance is unsatisfiable if equality is absent, but in case equality is present,
such an algorithm is much less trivial. For details, see Chapter 10.


(2) The version of theorem 7.6.1(a) for languages without equality is due 
to Andrews (Andrews, 1981). Andrews’s proof uses semantic arguments and 
assumes the result of lemma 7.6.3. Instead of using lemma 7.6.2, assuming 
that every compound instance of B is satisfiable, Andrews constructs a model 
of B using the compactness theorem. His proof is more concise than ours, 
but there is more to the theorem, as revealed by part (b). Indeed, there is 
a constructive aspect to this theorem reflected in the part of our proof using 
lemma 7.6.2, which is not brought to light by Andrews’s semantic method. 


Actually, we have not pushed the constructive approach as far as we
could, since we did not show how a proof of A → can be reconstructed from
a proof of a compound instance C →. This last construction appears to
be feasible, but we have not worked out the technical details, which seem
very tedious. Instead, we have proved a version of the Skolem-Herbrand-
Gödel theorem using the easy semantic argument that consists of showing
that (B ⊃ C) is valid for every compound instance of B, and part (a) of
lemma 7.6.3.


7.6.6 Comparison of Herbrand and Skolem-Herbrand-
Gödel Theorems


We now wish to discuss briefly the differences between Herbrand’s original
theorem and the Skolem-Herbrand-Gödel theorem.


First, Herbrand’s theorem deals with provability whereas the Skolem-
Herbrand-Gödel theorem deals with unsatisfiability (or validity). Herbrand’s theorem
is also a deeper result, whose proof is harder, but it yields more information.
Roughly speaking, Herbrand’s theorem asserts the following:


Herbrand’s original theorem: 


(1) If a formula A is provable in a formal system Q_H defined by Her-
brand, then a Herbrand disjunction H and its proof can be obtained construc-
tively via primitive recursive functions from the proof of A.


(2) From a Herbrand disjunction H and its proof, a proof of A in Q_H
can be obtained constructively via a primitive recursive function.


The concept of a primitive recursive function is covered in some detail 
in Section 7.7, and in the following discussion, we shall content ourselves with 
an informal definition. Roughly speaking, a primitive recursive function is a 
function over the natural numbers whose rate of growth is reasonably well 
behaved. The rate of growth of each primitive recursive function is uniformly 
bounded, in the sense that no primitive recursive function can grow faster 
than a certain given function (which itself is not primitive recursive). The
class of primitive recursive functions contains some simple functions, called the
base functions, and is closed under two operations: composition and primitive
recursion (see Section 7.7). Primitive recursion is a certain constrained type
of recursion, and this is why the rate of growth of the primitive recursive
functions is not arbitrary.


The fact that in Herbrand’s theorem proofs can be obtained construc- 
tively and with reasonable complexity via primitive recursive functions, is a 
very essential part of the theorem. This last point is well illustrated by the 
history of the theorem, discussed extensively by Goldfarb, in Herbrand, 1971. 


Herbrand’s original version of the theorem was sometimes difficult to
follow and its proof contained errors. As a matter of fact, Herbrand’s original
statement of the theorem did not refer to the concept of a primitive recursive
function. Denton and Dreben were able to repair the defective proofs, and
they realized the fact that the constructions are primitive recursive (see Note
G and Note H, in Herbrand, 1971). In his thesis, Herbrand mistakenly
claimed simpler functions. It is also interesting to know that Herbrand did not
accept the concept of validity because it is an infinitistic concept, and that this
is the reason he gave an argument that is entirely proof-theoretic. However,
Herbrand had an intuitive sense of the semantic contents of his theorem. As
mentioned by Goldfarb in his introduction to Herbrand, 1971:


“Herbrand intends the notion of expansion to furnish more, namely a 
finitistic surrogate for the model-theoretic notion of infinite satisfiability.” 


We close this discussion with a final remark showing the central role
occupied by Herbrand’s theorem. First, observe that it is possible to prove
the Skolem-Herbrand-Gödel theorem without appealing to the completeness
theorem (see problem 7.6.11). Then, the following hold:


(1) Herbrand’s theorem together with the Skolem-Herbrand-Gödel the-
orem implies the completeness theorem.


(2) Herbrand’s theorem together with the completeness theorem implies
the Skolem-Herbrand-Gödel theorem (see problem 7.6.15).


Of course, such proofs are a bit of an overkill, but we are merely illus- 
trating the depth of Herbrand’s theorem. 


The version of Herbrand’s theorem that we have presented in theorem
7.5.1 (and in the part in lemma 7.6.2) has the constructive nature of Her-
brand’s original theorem. What has not been shown is the primitive recursive
nature of the functions yielding on the one hand the Herbrand disjunction
H and its proof from the prenex sequent → B, and on the other hand the
proof of → B from a proof of the Herbrand disjunction H. However, we have
shown the recursive nature of these functions. In view of the above discussion
regarding Herbrand’s original version of the theorem, it would be surprising
if these functions were not primitive recursive.
For details on Herbrand’s original theorem, the interested reader is re-
ferred to Herbrand, 1971; Van Heijenoort, 1967; and Joyner’s Ph.D. thesis
(Automatic Theorem Proving and the Decision Problem, Ph.D. thesis, W. H.
Joyner, Harvard University, 1974), which contains a Herbrand-like theorem
for the resolution method.


PROBLEMS 


7.6.1. Show that the Skolem form of the negation of the formula


A = ∀x∃y[(P(x) ≡ P(y)) ⊃ (∃xP(x) ≡ ∀yP(y))]


is the formula

C = ∀y[(¬P(c) ∨ P(y)) ∧ (¬P(y) ∨ P(c))] ∧
[(P(d) ∧ ¬P(e)) ∨ (∀zP(z) ∧ ∀x¬P(x))].

Using the Skolem-Herbrand-Gödel theorem, prove that A is valid.


7.6.2. Convert the negation of the following formula to Skolem form:


¬∃y∀z(P(z, y) ≡ ¬∃x(P(z, x) ∧ P(x, z))).


7.6.3. Convert the negation of the following formula to Skolem form:


∃x∃y∀z([P(x, y) ⊃ (P(y, z) ∧ P(z, z))] ∧
[(P(x, y) ∧ Q(x, y)) ⊃ (Q(x, z) ∧ Q(z, z))]).


7.6.4. Write a computer program for converting a formula in NNF to
Skolem normal form, incorporating the optimization suggested in
problem 7.5.2.


7.6.5. Fill in the missing details in the proof of lemma 7.6.2. 


7.6.6. Prove the following fact: A c-instance of (C[F[t/x]/E] * D) is a
c-instance of (C * D).


7.6.7. Use the Skolem-Herbrand-Gödel theorem to show that the formula of
problem 7.6.2 is valid.


7.6.8. Use the Skolem-Herbrand-Gödel theorem to show that the formula of
problem 7.6.3 is valid.


7.6.9. Use lemma 7.6.3 to prove that a set of sentences is satisfiable iff the 
set of their Skolem forms is satisfiable. (Assume that for any two 
distinct sentences, the sets of Skolem symbols are disjoint.) 
7/Gentzen’s Sharpened Hauptsatz; Herbrand’s Theorem


7.6.10. Let L be a first-order language without equality. A free structure H
is an L-structure with domain the set H_L of all closed L-terms, and
whose interpretation function satisfies the following property:


(i) For every function symbol f of rank n, for all t_1, ..., t_n ∈ H_L,


f_H(t_1, ..., t_n) = f(t_1, ..., t_n); and


(ii) For every constant symbol c,


c_H = c.


(a) Prove that the Skolem form B of a sentence A in NNF is satisfiable
iff B is satisfiable in a free structure.


(b) Prove that a set of sentences is satisfiable iff it is satisfiable in a
free structure. (Use problem 7.6.9.)


(c) Prove that (a) and (b) are false for languages with equality, but
that they are true if we replace free structure by quotient of a free
structure.


7.6.11. Let L be a first-order language without equality. Given a set S of L-
sentences in NNF, let H be the free structure built up from the set of
function and constant symbols occurring in the Skolem forms of the
sentences in S. The Herbrand expansion E(C, H) of a quantifier-free
formula C in NNF over the free universe H, is the set of all formulae
of the form C[t_1/x_1, ..., t_m/x_m], where {x_1, ..., x_m} is the set of free
variables in C, and t_1, ..., t_m ∈ H. For each sentence A ∈ S, let
E(B*, H) be the Herbrand expansion of the quantifier-free formula
B* obtained by deleting the universal quantifiers in the Skolem form
B of A. The Herbrand expansion E(A, H) of the sentence A is equal
to E(B*, H).


(a) Prove that S is satisfiable iff the union of all the expansions
E(B*, H) defined above is satisfiable. (Use problem 7.6.10.)


(b) Using the compactness theorem for propositional logic, prove the
following version of the Skolem-Herbrand-Gödel theorem:


A sentence A is unsatisfiable iff some finite conjunction of quantifier-
free formulae in the Herbrand expansion E(A, H) is unsatisfiable.


(c) Use (a) to prove the Löwenheim-Skolem theorem.


* 7.6.12. Let L be a first-order language without equality. Let L’ be an expan-
sion of L obtained by adding function and constant symbols. Let H
be the set of all closed L-terms, and H’ the set of all closed L’-terms.


Prove that for any sentence A, if the Herbrand expansion E(A, H)
is satisfiable, then E(B*, H’) is also satisfiable, where B* is the
quantifier-free formula obtained by deleting the universal quantifiers
in the Skolem form B of A.


Hint: Define a function h : H’ → H as follows: Let t_0 be any fixed
term in H.

(i) h(t) = t_0 if t is either a constant in H’ not occurring in B* or a
term of the form f(t_1, ..., t_n) such that f does not occur in B*.

(ii) h(t) = t if t is a constant occurring in B*, or f(h(t_1), ..., h(t_n)) if
t is of the form f(t_1, ..., t_n) and f occurs in B*.


Assume that E(A, H) is satisfiable in a free structure A. Expand A to
an L’-structure B using the following definition: For every predicate
symbol P of rank n, for all t_1, ..., t_n ∈ H’,


B ⊨ P(t_1, ..., t_n) iff A ⊨ P(h(t_1), ..., h(t_n)).


Prove that E(B*, H’) is satisfied in B.


7.6.13. Let L be a first-order language without equality. Prove the com- 
pactness theorem using problems 7.6.11, 7.6.12, and the compactness 
theorem for propositional logic. 


7.6.14. State and prove a validity version of theorem 7.6.1. 


7.6.15. Consider first-order languages without equality. In this problem, as- 
sume that Gentzen’s original proof of the cut elimination theorem is 
used to avoid the completeness theorem in proving theorem 7.5.1. 


(a) Prove that Herbrand’s theorem (theorem 7.5.1) and the Skolem-
Herbrand-Gödel theorem proved in problem 7.6.11 (without the com-
pleteness theorem) yield the completeness theorem (for prenex for-
mulae).


(b) Prove that Herbrand’s theorem (theorem 7.5.1) and the complete-
ness theorem yield the Skolem-Herbrand-Gödel theorem.


* 7.7 The Primitive Recursive Functions


First, we discuss informally the notion of computability. 


7.7.1 The Concept of Computability 


In the discussion at the end of Section 7.6, the concept of a primitive recur- 
sive function was mentioned. In this section, we discuss this concept very 
briefly. For more details on recursive function theory and complexity theory, 
the reader is referred to Lewis and Papadimitriou, 1981; Davis and Weyuker, 
1983; Machtey and Young, 1978; or Rogers, 1967. For excellent surveys, we
recommend Enderton and Smorynski’s articles in Barwise, 1977.


At the end of the nineteenth century, classical mathematics was shaken
by paradoxes and inconsistencies. The famous mathematician Hilbert pro-
posed the following program in order to put mathematics on solid foundations:
Formalize mathematics completely, and exploit the finitist nature of proofs to
prove the consistency of the formalized theory (that is, the absence of a con-
tradiction) in the theory itself. In 1930, the famous logician Kurt Gödel made
a major announcement: Hilbert’s consistency program could not be carried
out. Indeed, Gödel had proved two incompleteness theorems that showed the
impossibility of Hilbert’s program. The second theorem roughly states that in
any consistent formal theory T containing arithmetic, the sentence asserting
the consistency of T is not provable in T.


To prove his theorems, Gödel invented a technique now known as Gödel-
numbering, in which syntactic objects such as formulae and proofs are encoded
as natural numbers. The functions used to perform such encodings are defin-
able in arithmetic, and are in some intuitive sense computable. These func-
tions are the primitive recursive functions. To carry out Hilbert’s program, it
was also important to understand what is a computable function, since one
of the objectives of the program was to check proofs mechanically.


The concern for providing logical foundations for mathematics prompted
important and extensive research (initiated in the early thirties) on the topic
of computability and undecidability, by Herbrand, Gödel, Church, Rosser,
Kleene, Turing, and Post, to name only the pioneers in the field. Summarizing
more than 60 years of research in a few lines, the following important and
surprising facts (at least at the time of their finding) were discovered:


Several models of computations were proposed by different researchers, 
and were shown to be equivalent, in the sense that they all define the same 
class of functions called the partial recursive functions. 


Among these models are the Turing machine already discussed in Sub-
section 3.3.5, and the class of partial recursive functions (due to Herbrand,
Kleene, Gödel).


The above led to what is usually known as the Church-Turing thesis, 
which states that any “reasonable” definition of the concept of an effectively 
(or algorithmically) computable function is equivalent to the concept of a 
partial recursive function. 


The Church-Turing thesis cannot be proved because the notion of a rea- 
sonable definition of computability is not clearly defined, but most researchers 
in the field believe it. 


The other important theme relevant to our considerations is that of the
complexity of computing a function. Indeed, there are computable functions
(such as Ackermann’s function, see Davis and Weyuker, 1983) that require
so much time and space to be computed that they are computable only for
very small arguments (maybe n = 0, 1, 2). For some of these functions, the
rate of growth is so “wild” that it is actually beyond imagination. For an
entertaining article on this topic, consult Smorynski, 1983.


The class of primitive recursive functions is a subclass of the computable
functions that, for all practical purposes, contains all the computable func-
tions that one would ever want to compute. It is generally agreed that if an
algorithm corresponds to a computable function that is not primitive recur-
sive, it is not a simple algorithm. Herbrand’s theorem says that the algorithm
that yields a Herbrand disjunction from a proof of the input formula and
its converse are primitive recursive functions. Hence, from a computational
point of view, the transformations given by Herbrand’s theorem are reasonably
simple, or at least not too bad.


The primitive recursive functions also play an important role in Gödel’s
incompleteness results (see Enderton, 1972, or Monk, 1976).


7.7.2 Definition of the Primitive Recursive Functions 


In the rest of this section, we are considering functions of the natural numbers. 
In order to define the class of primitive recursive functions we need to define 
two operations on functions: 


(1) Composition;
(2) Primitive Recursion.


Definition 7.7.1 Given a function f of m > 0 arguments and m functions
g_1, ..., g_m each of n > 0 arguments, the composition

h = f ∘ (g_1, ..., g_m)

of f and g_1, ..., g_m is the function h of n arguments such that, for all x_1, ..., x_n ∈
N,


h(x_1, ..., x_n) = f(g_1(x_1, ..., x_n), ..., g_m(x_1, ..., x_n)).


Primitive recursion is defined as follows.


Definition 7.7.2 Given a function f of n arguments (n ≥ 0), and a function
g of n + 2 arguments, the function h of n + 1 arguments is defined by primitive
recursion from f and g iff the following holds: For all x_1, ..., x_n, y ∈ N,


h(x_1, ..., x_n, 0) = f(x_1, ..., x_n);
h(x_1, ..., x_n, y + 1) = g(y, h(x_1, ..., x_n, y), x_1, ..., x_n).

In the special case n = 0, let m be any given integer. Then

h(0) = m;
h(y + 1) = g(y, h(y)).
We also define the base functions.


Definition 7.7.3 The base functions are the following functions:


(i) The successor function S, such that for all x ∈ N,


S(x) = x + 1;


(ii) The zero function Z, such that for all x ∈ N,


Z(x) = 0;


(iii) The projection functions. For every n > 0, for every i, 1 ≤ i ≤ n,
for all x_1, ..., x_n ∈ N,

P_i^n(x_1, ..., x_n) = x_i.


The class of primitive recursive functions is defined inductively as fol- 
lows. 


Definition 7.7.4 The class of primitive recursive functions is the least class 
of total functions over N containing the base functions and closed under com- 
position and primitive recursion. 


It can be shown that composition and primitive recursion preserve to- 
tality, so the definition makes sense. 


7.7.3 The Partial Recursive Functions 


In order to define the partial recursive functions, we need one more operation, 
the operation of minimization. 


Definition 7.7.5 Given a function g of n + 1 arguments, the function f of
n > 0 arguments is defined by minimization from g iff the following holds:
For all x_1, ..., x_n ∈ N:


(i) f(x_1, ..., x_n) is defined iff there is some y ∈ N such that g(x_1, ..., x_n, z)
is defined for all z < y and g(x_1, ..., x_n, y) = 0;


(ii) If f(x_1, ..., x_n) is defined, then f(x_1, ..., x_n) is equal to the least y
satisfying (i). In other words,


f(x_1, ..., x_n) = y iff g(x_1, ..., x_n, y) = 0 and
for all z < y, g(x_1, ..., x_n, z) is defined and nonzero.


The condition that g(x_1, ..., x_n, z) is defined for all z < y is essential to
the definition, since otherwise one could define noncomputable functions. The
function f is also denoted by


min y (g(x_1, ..., x_n, y) = 0)

(with a small abuse of notation, since the variables x_1, ..., x_n should not be
present).


Definition 7.7.6 The class of partial recursive functions is the least class 
of partial functions over N containing the base functions and closed under 
composition, primitive recursion, and minimization. 


A function is recursive iff it is a total partial recursive function. 


Obviously, the class of primitive recursive functions is a subclass of the
class of recursive functions. Contrary to the other closure operations, if f is
obtained by minimization from a total function g, f is not necessarily a total
function. For example, if g is the function such that g(x, y) = x + y + 1,
min y (g(x, y) = 0) is the partial function undefined everywhere.


It can be shown that there are (total) recursive functions that are not
primitive recursive. The following function known as Ackermann’s function is
such an example (see example 2.1.1, in Chapter 2):


EXAMPLE 7.7.1
A(x, y) = if x = 0 then y + 1
          else if y = 0 then A(x − 1, 1)
          else A(x − 1, A(x, y − 1))


A problem A (encoded as a set of natural numbers) is said to be decidable
iff there is a (total) recursive function h_A such that for all n ∈ N,


n ∈ A iff h_A(n) = 1, otherwise h_A(n) = 0.


A problem A is partially decidable iff there is a partial recursive function h_A
such that for all n ∈ N,


n ∈ A iff h_A(n) = 1, otherwise either h_A(n) is undefined or h_A(n) = 0.


Church’s theorem states that the problem of deciding whether a first- 
order formula is valid is partially decidable, but is not decidable (see Enderton, 
1972; Monk, 1976; Lewis and Papadimitriou, 1981). 


We conclude with a short list of examples of primitive recursive func-
tions. One of the unpleasant properties of definition 7.7.4 is the rigid format
of primitive recursion, which forces one to use projections and composition to
permute or drop arguments. Since the purpose of this section is only to give
a superficial idea of what the primitive recursive functions are, we will ignore
these details in the definitions given below. We leave as a (tedious) exercise to
the reader the task of rewriting the definitions below so that they fit definition
7.7.4.
7.7.4 Some Primitive Recursive Functions

EXAMPLE 7.7.2

(a) Addition:

x + 0 = P_1^1(x)
x + (y + 1) = S(x + y)

(b) Multiplication:

x * 0 = Z(x)
x * (y + 1) = (x * y) + x

(c) Exponentiation:

exp(x, 0) = 1
exp(x, y + 1) = exp(x, y) * x

(d) Factorial:

fact(0) = 1
fact(y + 1) = fact(y) * S(y)

(e) Iterated exponentiation:

ex(0) = 0
ex(y + 1) = exp(2, ex(y))

(f) N-th prime number:

pr(x) = the x-th prime number.
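Definitions 7.7.1 to 7.7.5 and the functions of example 7.7.2 carried out in Python, as an added example that is not code from the book: the base functions and the two closure operations are higher-order functions, the functions of example 7.7.2 are built from them in the rigid format of definition 7.7.4 (projections permute and drop arguments), and minimization and Ackermann's function (example 7.7.1) are included for contrast. The names comp, prim_rec, minimize, isqrt and ackermann are assumptions of this example.

```python
# Added example, not the book's code: definitions 7.7.1 to 7.7.5 as
# higher-order Python functions over N (non-negative ints), with the
# functions of example 7.7.2 built from them in the rigid format of
# definition 7.7.4.  The names comp, prim_rec, minimize, isqrt and
# ackermann are assumptions of this example.

def S(x):                       # successor (definition 7.7.3 (i))
    return x + 1

def Z(x):                       # zero function (definition 7.7.3 (ii))
    return 0

def P(n, i):                    # projection P^n_i, 1 <= i <= n (7.7.3 (iii))
    def proj(*xs):
        assert len(xs) == n, f'P^{n}_{i} applied to {len(xs)} arguments'
        return xs[i - 1]
    return proj

def comp(f, *gs):
    """Definition 7.7.1: h = f o (g1,...,gm), h(x) = f(g1(x),...,gm(x))."""
    return lambda *xs: f(*(g(*xs) for g in gs))

def prim_rec(f, g):
    """Definition 7.7.2: h(x,0) = f(x); h(x,y+1) = g(y, h(x,y), x).
    For n = 0, f is the integer m with h(0) = m and g takes (y, h(y))."""
    def h(*args):
        *xs, y = args
        acc = f(*xs) if callable(f) else f
        for k in range(y):      # unfold the recursion as a bounded loop
            acc = g(k, acc, *xs)
        return acc
    return h

def minimize(g):
    """Definition 7.7.5: f(x) = least y with g(x,y) = 0, searching upward;
    the loop never ends when no such y exists (g(x,y) = x+y+1 gives the
    function undefined everywhere), which is why f is only partial."""
    def f(*xs):
        y = 0
        while g(*xs, y) != 0:
            y += 1
        return y
    return f

# Example 7.7.2.  Projections permute and drop arguments so that each
# step function has exactly the shape (y, h(x,y), x) demanded by 7.7.2.
add = prim_rec(P(1, 1), comp(S, P(3, 2)))                 # x+0 = x; x+(y+1) = S(x+y)
mult = prim_rec(Z, comp(add, P(3, 2), P(3, 3)))           # x*0 = 0; x*(y+1) = x*y + x
one = comp(S, Z)                                          # constant 1, as S(Z(x))
exp = prim_rec(one, comp(mult, P(3, 2), P(3, 3)))         # exp(x,y+1) = exp(x,y)*x
fact = prim_rec(1, comp(mult, P(2, 2), comp(S, P(2, 1)))) # fact(y+1) = fact(y)*S(y)
two = comp(S, comp(S, Z))                                 # constant 2
ex = prim_rec(0, comp(exp, comp(two, P(2, 1)), P(2, 2)))  # ex(y+1) = exp(2, ex(y))

# A total function obtained by minimization: the integer square root,
# least y such that (y+1)^2 > x.  Here g is total and a zero always exists.
isqrt = minimize(lambda x, y: 0 if (y + 1) * (y + 1) > x else 1)

def ackermann(x, y):
    """Example 7.7.1, written with ordinary (unbounded) recursion: total
    and recursive, but not expressible with comp and prim_rec alone."""
    if x == 0:
        return y + 1
    if y == 0:
        return ackermann(x - 1, 1)
    return ackermann(x - 1, ackermann(x, y - 1))

if __name__ == '__main__':
    print(add(3, 4), mult(3, 4), exp(2, 10), fact(5), ex(4), isqrt(10), ackermann(2, 3))
```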


PROBLEMS 


7.7.1. Prove that composition and primitive recursion applied to total func- 
tions yield total functions. 


7.7.2. Prove that the functions given in example 7.7.2 are primitive recur- 
sive. 
Notes and Suggestions for Further Reading


Gentzen’s cut elimination theorem, Gentzen’s sharpened Hauptsatz, and Her- 
brand’s theorem are perhaps the most fundamental proof-theoretic results of 
first-order logic. 


Gentzen’s theorems show that there are normal forms for proofs, and re- 
duce the provability of a first-order sentence to the provability of a quantifier- 
free formula. Similarly, Herbrand’s theorem provides a deep characterization 
of the notion of provability, and a reduction to the quantifier-free case. 


Interestingly, Herbrand’s proof (Herbrand, 1971) and Gentzen’s proofs 
(Szabo, 1969) are significantly different. It is often felt that Herbrand’s argu- 
ments are difficult to follow, whereas Gentzen’s arguments are crystal clear. 


Since Gentzen’s Hauptsatz requires formulae to be prenex, but Her- 
brand’s original theorem holds for arbitrary formulae, it is often said that 
Herbrand’s theorem is more general than Gentzen’s sharpened Hauptsatz. 
However, using Kleene’s method (presented in Section 7.5) and the method 
partially developed in Section 7.4, it appears that this is not the case. 


For more on Gentzen systems, the reader is referred to Szabo, 1969; 
Takeuti, 1975; Kleene, 1952; Smullyan, 1968; Prawitz, 1965; and Schwichten- 
berg’s article in Barwise, 1977. Another interesting application of Herbrand’s 
theorem is its use to find decidable classes of formulae. The reader is referred 
to Dreben and Goldfarb, 1979. A companion book by Lewis (Lewis, 1979) 
deals with unsolvable classes of formulae. 


We have not explored complexity issues related to Herbrand’s theorem, 
or Gentzen’s theorems, but these are interesting. It is known that a proof of 
a sentence can be transformed into a proof of a disjunction of quantifier-free 
(ground) instances of that sentence, and that the transformation is primitive 
recursive, but how complex is the resulting proof? 


A result of Statman (Statman, 1979) shows that a significant increase
in the length of the proof can occur. It is shown in Statman, 1979, that
for a certain set X of universally quantified equations, for each n, there is a
closed equation E_n such that E_n is provable from X in a proof of size linear
in n, but that for any set Y of ground instances of equations in X such that
Y → E_n is provable, Y has cardinality at least ex(n)/2, where ex(n) is the
iterated exponential function defined at the end of Section 7.7. For related
considerations, the reader is referred to Statman’s article in Barwise, 1977.


Another interesting topic that we have not discussed is the possibility 
of extending Herbrand’s theorem to higher-order logic. Such a generalization 
is investigated in Miller, 1984. 


Chapter 8 


Resolution In 
First-Order Logic 


8.1 Introduction 


In this chapter, the resolution method presented in Chapter 4 for propositional
logic is extended to first-order logic without equality. The point of departure
is the Skolem-Herbrand-Gödel theorem (theorem 7.6.1). Recall that this the-
orem says that a sentence A is unsatisfiable iff some compound instance C of
the Skolem form B of A is unsatisfiable. This suggests the following procedure
for checking unsatisfiability:


Enumerate the compound instances of B systematically one by one,
testing each time a new compound instance C is generated, whether C is
unsatisfiable.


If we are considering a first-order language without equality, there are
algorithms for testing whether a quantifier-free formula is valid (for example,
the search procedure) and, if B is unsatisfiable, this will be eventually discov-
ered. Indeed, the search procedure halts for every compound instance, and
for some compound instance C, ¬C will be found valid.


If the logic contains equality, the situation is more complex. This is 
because the search procedure does not necessarily halt for quantifier-free for- 
mulae that are not valid. Hence, it is possible that the procedure for checking 
unsatisfiability will run forever even if B is unsatisfiable, because the search 
procedure can run forever for some compound instance that is not unsatisfi- 
able. We can fix the problem as follows: 
Interleave the generation of compound instances with the process of
checking whether a compound instance is unsatisfiable, proceeding by rounds.
A round consists in running the search procedure a fixed number of steps for
each compound instance being tested, and then generating a new compound
instance. The process is repeated with the new set of compound instances.
In this fashion, at the end of each round, we have made progress in checking
the unsatisfiability of all the activated compound instances, but we have also
made progress in the number of compound instances being considered.


Needless to say, such a method is horribly inefficient. Actually, it is 
possible to design an algorithm for testing the unsatisfiability of a quantifier- 
free formula with equality by extending the congruence closure method of 
Oppen and Nelson (Nelson and Oppen, 1980). This extension is presented in 
Chapter 10. 


In the case of a language without equality, any algorithm for deciding
the unsatisfiability of a quantifier-free formula can be used. However, the
choice of such an algorithm is constrained by the need for efficiency. Several
methods have been proposed. The search procedure can be used, but this is
probably the least efficient choice. If the compound instances C are in CNF,
the resolution method of Chapter 4 is a possible candidate. Another method
called the method of matings has also been proposed by Andrews (Andrews,
1981).


In this chapter, we are going to explore the method using resolution. 
Such a method is called ground resolution, because it is applied to quantifier- 
free clauses with no variables. 


From the point of view of efficiency, there is an undesirable feature, 
which is the need for systematically generating compound instances. Unfor- 
tunately, there is no hope that the process of finding a refutation can be purely 
mechanical. Indeed, by Church’s theorem (mentioned in the remark after the 
proof of theorem 5.5.1), there is no algorithm for deciding the unsatisfiability 
(validity) of a formula. 


There is a way of avoiding the systematic generation of compound in-
stances due to J. A. Robinson (Robinson, 1965). The idea is not to generate
compound instances at all, but instead to generalize the resolution method so
that it applies directly to the clauses in B, as opposed to the (ground) clauses
in the compound instance C. The completeness of this method was shown by
Robinson. The method is to show that every ground refutation can be lifted
to a refutation operating on the original clauses, as opposed to the closed (or
ground) substitution instances. In order to perform this lifting operation the
process of unification must be introduced. We shall define these concepts in
the following sections.


It is also possible to extend the resolution method to first-order lan- 
guages with equality using the paramodulation method due to Robinson and 
Wos (Robinson and Wos, 1969, Loveland, 1978), but the completeness proof is 
rather delicate. Hence, we will restrict our attention to first-order languages
without equality, and refer the interested reader to Loveland, 1978, for an
exposition of paramodulation.


As in Chapter 4, the resolution method for first-order logic (without 
equality) is applied to special conjunctions of formulae called clauses. Hence, 
it is necessary to convert a sentence A into a sentence A’ in clause form, such 
that A is unsatisfiable iff A’ is unsatisfiable. The conversion process is defined 
below. 


8.2 Formulae in Clause Form 
First, we define the notion of a formula in clause form. 


Definition 8.2.1 As in the propositional case, a literal is either an atomic
formula B, or the negation ¬B of an atomic formula. Given a literal L, its
conjugate L̄ is defined such that, if L = B then L̄ = ¬B, else if L = ¬B
then L̄ = B. A sentence A is in clause form iff it is a conjunction of (prenex)
sentences of the form ∀x_1...∀x_m C, where C is a disjunction of literals, and the
sets of bound variables {x_1, ..., x_m} are disjoint for any two distinct clauses.
Each sentence ∀x_1...∀x_m C is called a clause. If a clause in A has no quantifiers
and does not contain any variables, we say that it is a ground clause.


For simplicity of notation, the universal quantifiers are usually omitted 
in writing clauses. 


Lemma 8.2.1 For every (rectified) sentence A, a sentence B’ in clause form 
such that A is valid iff B’ is unsatisfiable can be constructed. 


Proof: Given a sentence A, first B = ¬A is converted to B_1 in NNF
using lemma 6.4.1. Then B_1 is converted to B_2 in Skolem normal form using
the method of definition 7.6.2. Next, by lemma 7.2.1, B_2 is converted to B_3 in
prenex form. Next, the matrix of B_3 is converted to conjunctive normal form
using theorem 3.4.2, yielding B_4. In this step, theorem 3.4.2 is applicable
because the matrix is quantifier free. Finally, the quantifiers are distributed
over each conjunct using the valid formula ∀x(A ∧ B) ≡ ∀xA ∧ ∀xB, and
renamed apart using lemma 5.3.4.


Let the resulting sentence be called B’. The resulting formula B’ is a 
conjunction of clauses. 


By lemma 6.4.1, B is unsatisfiable iff B, is. By lemma 7.6.3, By is 
unsatisfiable iff By is. By lemma 7.2.1, Bo is unsatisfiable iff Bs is. By theorem 
3.4.2 and lemma 5.3.7, Bs is unsatisfiable iff By is. Finally, by lemma 5.3.4 
and lemma 5.3.7, By is unsatisfiable iff B’ is. Hence, B is unsatisfiable iff 
B' is. Since A is valid iff B = —A is unsatisfiable, then A is valid iff B’ is 
unsatisfiable. 
EXAMPLE 8.2.1

Let
$$A = \lnot \exists y \forall z \,(P(z,y) \equiv \lnot \exists x \,(P(z,x) \land P(x,z))).$$

First, we negate $A$ and eliminate $\equiv$. We obtain the sentence
$$\exists y \forall z \,[(\lnot P(z,y) \lor \lnot \exists x \,(P(z,x) \land P(x,z))) \land (\exists x \,(P(z,x) \land P(x,z)) \lor P(z,y))].$$

Next, we put this formula in NNF:
$$\exists y \forall z \,[(\lnot P(z,y) \lor \forall x \,(\lnot P(z,x) \lor \lnot P(x,z))) \land (\exists x \,(P(z,x) \land P(x,z)) \lor P(z,y))].$$

Next, we eliminate existential quantifiers, by the introduction of Skolem symbols:
$$\forall z \,[(\lnot P(z,a) \lor \forall x \,(\lnot P(z,x) \lor \lnot P(x,z))) \land ((P(z,f(z)) \land P(f(z),z)) \lor P(z,a))].$$

We now put in prenex form:
$$\forall z \forall x \,[(\lnot P(z,a) \lor (\lnot P(z,x) \lor \lnot P(x,z))) \land ((P(z,f(z)) \land P(f(z),z)) \lor P(z,a))].$$

We put in CNF by distributing $\land$ over $\lor$:
$$\forall z \forall x \,[(\lnot P(z,a) \lor \lnot P(z,x) \lor \lnot P(x,z)) \land (P(z,f(z)) \lor P(z,a)) \land (P(f(z),z) \lor P(z,a))].$$

Omitting universal quantifiers, we have the following three clauses:
$$C_1 = (\lnot P(z_1,a) \lor \lnot P(z_1,x) \lor \lnot P(x,z_1)),$$
$$C_2 = (P(z_2,f(z_2)) \lor P(z_2,a)) \quad\text{and}$$
$$C_3 = (P(f(z_3),z_3) \lor P(z_3,a)).$$

We will now show that we can prove that $B = \lnot A$ is unsatisfiable, by instantiating $C_1, C_2, C_3$ to ground clauses and using the resolution method of Chapter 4.
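The conversion just carried out by hand, as an added worked example (this code is not from the book): a small Python converter that runs the steps of Lemma 8.2.1 on the sentence $A$ of Example 8.2.1. It assumes conventions the book does not fix: formulas are nested tuples, a string term is a variable iff its first letter is one of u, v, w, x, y, z, Skolem constants are named a, b, ... and Skolem functions f, g, ... (skipping any name already in use), and every variable of clause $i$ is renamed with suffix $i$, so the book's $x$ in $C_1$ comes out as $x_1$.

```python
"""Clause-form conversion via the steps of Lemma 8.2.1: negate, eliminate <=>
and =>, NNF, Skolemize, drop the (now purely universal) prefix, CNF, rename
apart.  Formulas are nested tuples ('atom', 'P', (t1, ...)), ('not', A),
('and'|'or'|'imp'|'iff', A, B), ('all'|'ex', 'x', A); terms are strings or
tuples ('f', t1, ...).  Conventions assumed here, not fixed by the book: a
string term is a variable iff its first letter is in "uvwxyz", and the input
is rectified (no variable bound twice), so substitution cannot capture."""
is_var = lambda t: isinstance(t, str) and t[0] in "uvwxyz"

def strings(x):
    """Every string occurring anywhere inside a nested tuple or list."""
    return {x} if isinstance(x, str) else set().union(*map(strings, x))

def subst(x, s):
    """Apply s (dict variable -> term) throughout a term, literal or formula."""
    return s.get(x, x) if isinstance(x, str) else tuple(subst(a, s) for a in x)

def elim(F):
    """Rewrite => and <=> using only not, and, or."""
    tag = F[0]
    if tag in ('atom', 'not', 'all', 'ex'):
        return F if tag == 'atom' else F[:-1] + (elim(F[-1]),)
    A, B = elim(F[1]), elim(F[2])
    if tag == 'imp':
        return ('or', ('not', A), B)
    return ('and', ('or', ('not', A), B), ('or', ('not', B), A)) if tag == 'iff' else (tag, A, B)

def nnf(F):
    """Push negations down to the atoms (Lemma 6.4.1)."""
    tag = F[0]
    if tag in ('and', 'or', 'all', 'ex'):
        return (tag, nnf(F[1]), nnf(F[2])) if tag in ('and', 'or') else (tag, F[1], nnf(F[2]))
    if tag == 'atom' or F[1][0] == 'atom':
        return F
    G = F[1]                                      # F is ('not', G) with G compound
    if G[0] == 'not':
        return nnf(G[1])
    if G[0] in ('and', 'or'):                     # De Morgan
        return ('or' if G[0] == 'and' else 'and', nnf(('not', G[1])), nnf(('not', G[2])))
    return ('ex' if G[0] == 'all' else 'all', G[1], nnf(('not', G[2])))

def fresh(pool, used):
    """First name from pool ('a', 'b', ..., then 'a1', 'b1', ...) not yet used."""
    name = next(c + str(i or "") for i in range(1000) for c in pool if c + str(i or "") not in used)
    used.add(name)
    return name

def skolemize(F, univ, used):
    """Replace each existential variable by a Skolem term over the universal
    variables in scope (Definition 7.6.2); F must be in NNF."""
    tag = F[0]
    if tag in ('atom', 'not'):
        return F
    if tag in ('and', 'or'):
        return (tag, skolemize(F[1], univ, used), skolemize(F[2], univ, used))
    if tag == 'all':
        return ('all', F[1], skolemize(F[2], univ + [F[1]], used))
    name = fresh("abcde" if not univ else "fghk", used)  # a constant when no universal is in scope
    sk = name if not univ else (name,) + tuple(univ)
    return skolemize(subst(F[2], {F[1]: sk}), univ, used)

def drop_universals(F):
    """Only universals remain; rectified, they move to the front (Lemma 7.2.1) and are omitted."""
    if F[0] == 'all':
        return drop_universals(F[2])
    return (F[0], drop_universals(F[1]), drop_universals(F[2])) if F[0] in ('and', 'or') else F

def cnf(F):
    """Distribute or over and (Theorem 3.4.2): a list of clauses, each a list of literals."""
    if F[0] == 'and':
        return cnf(F[1]) + cnf(F[2])
    return [c + d for c in cnf(F[1]) for d in cnf(F[2])] if F[0] == 'or' else [[F]]

def rename_apart(clauses):
    """Clause number i gets its own copies of its variables, suffixed by i (Lemma 5.3.4)."""
    return [tuple(subst(lit, {v: f"{v}{i}" for v in strings(c) if is_var(v)}) for lit in c)
            for i, c in enumerate(clauses, 1)]

def clause_form(A):
    """The clause form B' of not A: A is valid iff B' is unsatisfiable (Lemma 8.2.1)."""
    B = nnf(elim(('not', A)))
    B = skolemize(B, [], strings(B))
    return rename_apart(cnf(drop_universals(B)))

def show_term(t):
    return t if isinstance(t, str) else f"{t[0]}({','.join(map(show_term, t[1:]))})"

def show(clause):
    """Render a clause as the book writes it, e.g. '-P(z1,a) v P(z1,x1)'."""
    return " v ".join("-" + show_term((l[1][1],) + l[1][2]) if l[0] == 'not'
                      else show_term((l[1],) + l[2]) for l in clause)

# Constructed input: the sentence A of Example 8.2.1,
#   A = not exists y forall z (P(z,y) <=> not exists x (P(z,x) and P(x,z)))
P = lambda s, t: ('atom', 'P', (s, t))
A_EXAMPLE = ('not', ('ex', 'y', ('all', 'z', ('iff', P('z', 'y'),
             ('not', ('ex', 'x', ('and', P('z', 'x'), P('x', 'z'))))))))

if __name__ == "__main__":
    print(*map(show, clause_form(A_EXAMPLE)), sep="\n")
```

Running it prints the three clauses $C_1$, $C_2$, $C_3$ in the order and with the literal order the example derives; the only difference from the book is the systematic suffixing of every clause variable.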


8.3 Ground Resolution

The ground resolution method is the resolution method applied to sets of ground clauses.

EXAMPLE 8.3.1

Consider the following ground clauses obtained by substitution from $C_1$, $C_2$ and $C_3$:
$$G_1 = (\lnot P(a,a)) \quad (\text{from } C_1, \text{ substituting } a \text{ for } x \text{ and } z_1)$$
$$G_2 = (P(a,f(a)) \lor P(a,a)) \quad (\text{from } C_2, \text{ substituting } a \text{ for } z_2)$$
$$G_3 = (P(f(a),a) \lor P(a,a)) \quad (\text{from } C_3, \text{ substituting } a \text{ for } z_3)$$
$$G_4 = (\lnot P(f(a),a) \lor \lnot P(a,f(a))) \quad (\text{from } C_1, \text{ substituting } f(a) \text{ for } z_1 \text{ and } a \text{ for } x).$$

The following is a refutation by (ground) resolution of the set of ground clauses $G_1, G_2, G_3, G_4$.
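The refutation referred to above, as an added example that is not part of the book: a Python ground resolution procedure that saturates a set of ground clauses under resolution and records the derivation, run on the constructed clauses $G_1$ to $G_4$. Literals are plain strings and clauses are frozensets of them (conventions assumed here). Since the ground clauses over a finite set of literals are finitely many, the saturation always terminates, and by Lemma 8.3.1 its outcome decides unsatisfiability.

```python
"""Ground resolution (Section 8.3).  A ground clause is a frozenset of literal
strings; a literal is an atom such as 'P(a,a)' or its conjugate '-P(a,a)'.
The sample clauses are the ground instances G1..G4 of Example 8.3.1,
constructed here as string literals."""

def conjugate(lit):
    """The conjugate of a literal (Definition 8.2.1)."""
    return lit[1:] if lit.startswith('-') else '-' + lit

def resolvents(c1, c2):
    """All resolvents of two ground clauses (Definition 4.3.2): for each literal
    of c1 whose conjugate is in c2, drop that pair and merge the rest."""
    out = set()
    for lit in c1:
        if conjugate(lit) in c2:
            out.add((c1 - {lit}) | (c2 - {conjugate(lit)}))
    return out

def ground_resolution(clauses):
    """Saturate the clause set under resolution, breadth first.  Returns
    (True, steps) as soon as the empty clause is derived and (False, steps) if
    the set closes without it.  steps lists (parent1, parent2, resolvent) in
    the order derived, so it is a refutation when the result is True."""
    known, steps = set(clauses), []
    if frozenset() in known:
        return True, steps
    while True:
        new = {}
        for c1 in sorted(known, key=sorted):        # fixed order: deterministic derivation
            for c2 in sorted(known, key=sorted):
                for r in resolvents(c1, c2):
                    if r not in known and r not in new:
                        new[r] = (c1, c2)
        if not new:
            return False, steps
        for r, (c1, c2) in new.items():
            known.add(r)
            steps.append((c1, c2, r))
            if not r:                               # the empty clause: refutation found
                return True, steps

def show(clause):
    return "{" + ", ".join(sorted(clause)) + "}" if clause else "{} (empty clause)"

# Constructed sample: the ground instances of Example 8.3.1.
G1 = frozenset({'-P(a,a)'})
G2 = frozenset({'P(a,f(a))', 'P(a,a)'})
G3 = frozenset({'P(f(a),a)', 'P(a,a)'})
G4 = frozenset({'-P(f(a),a)', '-P(a,f(a))'})

if __name__ == "__main__":
    ok, steps = ground_resolution([G1, G2, G3, G4])
    for c1, c2, r in steps:
        print(f"{show(c1)}  +  {show(c2)}  ->  {show(r)}")
    print("unsatisfiable" if ok else "satisfiable")
```

The derivation printed ends with the empty clause, which is what the refutation in the text establishes; the same function reports $\{G_2, G_3\}$ alone as satisfiable, since those two clauses have no complementary literals and produce no resolvent at all.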


We have the following useful result. 


Lemma 8.3.1 (Completeness of ground resolution) The ground resolution method is complete for ground clauses.

Proof: Observe that the systems $G'$ and $GCNF'$ are complete for quantifier-free formulae of a first-order language without equality. Hence, by theorem 4.3.1, the resolution method is also complete for sets of ground clauses.

However, note that this is not the case for quantifier-free formulae with equality, due to the need for equality axioms and for inessential cuts, in order to retain completeness.


Since we have shown that a conjunction of ground instances of the clauses $C_1, C_2, C_3$ of example 8.2.1 is unsatisfiable, by the Skolem-Herbrand-Gödel theorem, the sentence $A$ of example 8.2.1 is valid.

Summarizing the above, we have a method for finding whether a sentence $B$ is unsatisfiable known as ground resolution. This method consists in converting the sentence $B$ into a set of clauses $B'$, instantiating these clauses to ground clauses, and applying the ground resolution method.

By the completeness of resolution for propositional logic (theorem 4.3.1), and the Skolem-Herbrand-Gödel theorem (actually the corollary to theorem 7.6.1 suffices, since the clauses are in CNF, and so in NNF), this method is complete.

However, we were lucky to find so easily the ground clauses $G_1, G_2, G_3$ and $G_4$. In general, all one can do is enumerate ground instances one by one, testing for the unsatisfiability of the current set of ground clauses each time. This can be a very costly process, both in terms of time and space.


8.4 Unification and the Unification Algorithm 


The fundamental concept that allows the lifting of the ground resolution 
method to the first-order case is that of a most general unifier. 


8.4.1 Unifiers and Most General Unifiers 


We have already mentioned that Robinson has generalized ground resolution 
to arbitrary clauses, so that the systematic generation of ground clauses is 
unnecessary. 


The new ingredient in this new form of resolution is that in forming the 
resolvent, one is allowed to apply substitutions to the parent clauses. 


For example, to obtain $\{P(a, f(a))\}$ from
$$C_1 = (\lnot P(z_1,a) \lor \lnot P(z_1,x) \lor \lnot P(x,z_1)) \quad\text{and}\quad C_2 = (P(z_2,f(z_2)) \lor P(z_2,a)),$$
first we substitute $a$ for $z_1$, $a$ for $x$, and $a$ for $z_2$, obtaining
$$G_1 = (\lnot P(a,a)) \quad\text{and}\quad G_2 = (P(a,f(a)) \lor P(a,a)),$$
and then we resolve on the literal $P(a,a)$.

Note that the two sets of literals $\{P(z_1,a), P(z_1,x), P(x,z_1)\}$ and $\{P(z_2,a)\}$ obtained by dropping the negation sign in $C_1$ have been "unified" by the substitution $(a/x, a/z_1, a/z_2)$.

In general, given two clauses $B$ and $C$ whose variables are disjoint, given a substitution $\sigma$ having as support the union of the sets of variables in $B$ and $C$, if $\sigma(B)$ and $\sigma(C)$ contain a literal $Q$ and its conjugate, there must be a subset $\{B_1, \ldots, B_m\}$ of the set of literals of $B$, and a subset $\{C_1, \ldots, C_n\}$ of the set of literals in $C$ such that
$$\sigma(B_1) = \ldots = \sigma(B_m) = \sigma(C_1) = \ldots = \sigma(C_n).$$


We say that $\sigma$ is a unifier for the set of literals $\{B_1, \ldots, B_m, C_1, \ldots, C_n\}$. Robinson showed that there is an algorithm called the unification algorithm, for deciding whether a set of literals is unifiable, and if so, the algorithm yields what is called a most general unifier (Robinson, 1965). We will now explain these concepts in detail.

Definition 8.4.1 Given a substitution $\sigma$, let $D(\sigma) = \{x \mid \sigma(x) \neq x\}$ denote the support of $\sigma$, and let $I(\sigma) = \bigcup_{x \in D(\sigma)} FV(\sigma(x))$. Given two substitutions $\sigma$ and $\theta$, their composition denoted $\sigma \circ \theta$ is the substitution $\sigma \circ \widehat{\theta}$ (recall that $\widehat{\theta}$ is the unique homomorphic extension of $\theta$). It is easily shown that the substitution $\widehat{\sigma \circ \theta}$ is the restriction of $\widehat{\sigma} \circ \widehat{\theta}$ to $V$. If $\sigma$ has support $\{x_1, \ldots, x_m\}$ and $\sigma(x_i) = s_i$ for $i = 1, \ldots, m$, we also denote the substitution $\sigma$ by $(s_1/x_1, \ldots, s_m/x_m)$.


The notions of a unifier and a most general unifier are defined for ar- 
bitrary trees over a ranked alphabet (see Subsection 2.2.6). Since terms and 
atomic formulae have an obvious representation as trees (rigorously, since they 
are freely generated, we could define a bijection recursively), it is perfectly 
suitable to deal with trees, and in fact, this is intuitively more appealing due 
to the graphical nature of trees. 


Definition 8.4.2 Given a ranked alphabet $\Sigma$, given any set $S = \{t_1, \ldots, t_n\}$ of finite $\Sigma$-trees, we say that a substitution $\sigma$ is a unifier of $S$ iff
$$\sigma(t_1) = \ldots = \sigma(t_n).$$

We say that a substitution $\sigma$ is a most general unifier of $S$ iff it is a unifier of $S$, the support of $\sigma$ is a subset of the set of variables occurring in the set $S$, and for any other unifier $\sigma'$ of $S$, there is a substitution $\theta$ such that
$$\sigma' = \sigma \circ \theta.$$

The tree $t = \sigma(t_1) = \ldots = \sigma(t_n)$ is called a most common instance of $t_1, \ldots, t_n$.


EXAMPLE 8.4.1

(i) Let $t_1 = f(x, g(y))$ and $t_2 = f(g(u), g(z))$. The substitution $(g(u)/x, y/z)$ is a most general unifier yielding the most common instance $f(g(u), g(y))$.

(ii) However, $t_1 = f(x, g(y))$ and $t_2 = f(g(u), h(z))$ are not unifiable since this requires $g = h$.

(iii) A slightly more devious case of non unifiability is the following:

Let $t_1 = f(x, g(x), x)$ and $t_2 = f(g(u), g(g(z)), z)$. To unify these two trees, we must have $x = g(u) = z$. But we also need $g(x) = g(g(z))$, that is, $x = g(z)$. This implies $z = g(z)$, which is impossible for finite trees.


This last example suggests that unifying trees is similar to solving systems of equations by variable elimination, and there is indeed such an analogy. This analogy is explicated in Gorn, 1984. First, we show that we can reduce the problem of unifying any set of trees to the problem of unifying two trees.

Lemma 8.4.1 Let $t_1, \ldots, t_m$ be any $m$ trees, and let $\#$ be a symbol of rank $m$ not occurring in any of these trees. A substitution $\sigma$ is a unifier for the set $\{t_1, \ldots, t_m\}$ iff $\sigma$ is a unifier for the set $\{\#(t_1, \ldots, t_m), \#(t_1, \ldots, t_1)\}$.

Proof: Since a substitution $\sigma$ is a homomorphism (see definition 7.5.3),
$$\sigma(\#(t_1, \ldots, t_m)) = \#(\sigma(t_1), \ldots, \sigma(t_m)) \quad\text{and}\quad \sigma(\#(t_1, \ldots, t_1)) = \#(\sigma(t_1), \ldots, \sigma(t_1)).$$

Hence, $\sigma(\#(t_1, \ldots, t_m)) = \sigma(\#(t_1, \ldots, t_1))$ iff $\sigma(t_1) = \ldots = \sigma(t_m)$.

Before showing that if a set of trees is unifiable then it has a most general unifier, we note that most general unifiers are essentially unique when they exist. Lemma 8.4.2 holds even if the support of mgu's is not a subset of $FV(S)$.

Lemma 8.4.2 If a set of trees $S$ is unifiable and $\sigma$ and $\theta$ are any two most general unifiers for $S$, then there exists a substitution $\rho$ such that $\theta = \sigma \circ \rho$, $\rho$ is a bijection between $I(\sigma) \cup (D(\theta) - D(\sigma))$ and $I(\theta) \cup (D(\sigma) - D(\theta))$, and $D(\rho) = I(\sigma) \cup (D(\theta) - D(\sigma))$ and $\rho(x)$ is a variable for every $x \in D(\rho)$.

Proof: First, note that a bijective substitution must be a bijective renaming of variables. Let $f|_A$ denote the restriction of a function $f$ to $A$. If $\rho$ is bijective, there is a substitution $\rho'$ such that $(\rho \circ \rho')|_{D(\rho)} = Id$ and $(\rho' \circ \rho)|_{D(\rho')} = Id$. But then, if $\rho(x)$ is not a variable for some $x$ in the support of $\rho$, $\rho(x)$ is a constant or a tree $t$ of depth $\geq 1$. Since $(\rho \circ \rho')|_{D(\rho)} = Id$, we have $\rho'(t) = x$. Since a substitution is a homomorphism, if $t$ is a constant $c$, $\rho'(c) = c \neq x$, and otherwise $\rho'(t)$ has depth at least 1, and so $\rho'(t) \neq x$. Hence, $\rho(x)$ must be a variable for every $x$ (and similarly for $\rho'$). A reasoning similar to the above also shows that for any two substitutions $\sigma$ and $\rho$, if $\sigma = \sigma \circ \rho$, then $\rho$ is the identity on $I(\sigma)$. But then, if both $\sigma$ and $\theta$ are most general unifiers, there exist $\sigma'$ and $\theta'$ such that $\theta = \sigma \circ \theta'$ and $\sigma = \theta \circ \sigma'$. Thus, $D(\sigma') = I(\theta) \cup (D(\sigma) - D(\theta))$, $D(\theta') = I(\sigma) \cup (D(\theta) - D(\sigma))$, $\theta = \theta \circ (\sigma' \circ \theta')$, and $\sigma = \sigma \circ (\theta' \circ \sigma')$. We claim that $(\sigma' \circ \theta')|_{D(\sigma')} = Id$, and $(\theta' \circ \sigma')|_{D(\theta')} = Id$. We prove that $(\sigma' \circ \theta')|_{D(\sigma')} = Id$, the other case being similar. For $x \in I(\theta)$, $\sigma' \circ \theta'(x) = x$ follows from above. For $x \in D(\sigma) - D(\theta)$, then $x = \theta(x) = \theta'(\sigma(x))$, and so, $\sigma(x) = y$, and $\theta'(y) = x$, for some variable $y$. Also, $\sigma(x) = y = \sigma'(\theta(x)) = \sigma'(x)$. Hence, $\sigma' \circ \theta'(x) = x$. Since $D(\theta')$ and $D(\sigma')$ are finite, $\theta'$ is a bijection between $D(\theta')$ and $D(\sigma')$. Letting $\rho = \theta'$, the lemma holds.


We shall now present a version of Robinson’s unification algorithm. 


8.4.2 The Unification Algorithm 


In view of lemma 8.4.1, we restrict our attention to pairs of trees. The main idea of the unification algorithm is to find how two trees "disagree," and try to force them to agree by substituting trees for variables, if possible. There are two types of disagreements:

(1) Fatal disagreements, which are of two kinds:

(i) For some tree address $u$ both in $dom(t_1)$ and $dom(t_2)$, the labels $t_1(u)$ and $t_2(u)$ are not variables and $t_1(u) \neq t_2(u)$. This is illustrated by case (ii) in example 8.4.1;

(ii) For some tree address $u$ in both $dom(t_1)$ and $dom(t_2)$, $t_1(u)$ is a variable say $x$, and the subtree $t_2/u$ rooted at $u$ in $t_2$ is not a variable and $x$ occurs in $t_2/u$ (or the symmetric case in which $t_2(u)$ is a variable and $t_1/u$ isn't). This is illustrated in case (iii) of example 8.4.1.

(2) Repairable disagreements: For some tree address $u$ both in $dom(t_1)$ and $dom(t_2)$, $t_1(u)$ is a variable and the subtree $t_2/u$ rooted at $u$ in $t_2$ does not contain the variable $t_1(u)$.

In case (1), unification is impossible (although if we allowed infinite trees, disagreements of type (1)(ii) could be fixed; see Gorn, 1984). In case (2), we force "local agreement" by substituting the subtree $t_2/u$ for all occurrences of the variable $x$ in both $t_1$ and $t_2$.


It is rather clear that we need a systematic method for finding disagree- 
ments in trees. Depending on the representation chosen for trees, the method 
will vary. In most presentations of unification, it is usually assumed that 
trees are represented as parenthesized expressions, and that the two strings 
are scanned from left to right until a disagreement is found. However, an 
actual method for doing so is usually not given explicitly. We believe that in 
order to give a clearer description of the unification algorithm, it is better to 
be more explicit about the method for finding disagreements, and that it is 
also better not to be tied to any string representation of trees. Hence, we will 
give a recursive algorithm inspired from J. A. Robinson’s original algorithm, 
in which trees are defined in terms of tree domains (as in Section 2.2), and the 
disagreements are discovered by performing two parallel top-down traversals 
of the trees $t_1$ and $t_2$.


The type of traversal that we shall be using is a recursive traversal in 
which the root is visited first, and then, from left to right, the subtrees of the 
root are recursively visited (this kind of traversal is called a preorder traversal, 
see Knuth, 1968, Vol. 1). We define some useful functions on trees. (The 
reader is advised to review the definitions concerning trees given in Section 
2.2.) 


Definition 8.4.3. For any tree $t$, for any tree address $u \in dom(t)$:
$$leaf(u) = true \text{ iff } u \text{ is a leaf};$$
$$variable(t(u)) = true \text{ iff } t(u) \text{ is a variable};$$
$$left(u) = \text{if } leaf(u) \text{ then } nil \text{ else } u1;$$
$$right(ui) = \text{if } u(i+1) \in dom(t) \text{ then } u(i+1) \text{ else } nil.$$

We also assume that we have a function $dosubstitution(t, \sigma)$, where $t$ is a tree and $\sigma$ is a substitution.


Definition 8.4.4 (A unification algorithm) The formal parameters of the algorithm unification are the two input trees $t_1$ and $t_2$, an output flag indicating whether the two trees are unifiable or not (unifiable), and a most general unifier (unifier) (if it exists).

The main program unification calls the recursive procedure unify, which performs the unification recursively and needs procedure test-and-substitute to repair disagreements found, as in case (2) discussed above. The variables tree1 and tree2 denote trees (of type tree), and the variables node, newnode are tree addresses (of type treereference). The variable unifier is used to build a most general unifier (if any), and the variable newpair is used to form a new substitution component (of the form $(t/x)$, where $t$ is a tree and $x$ is a variable). The function compose is simply function composition, where compose(unifier, newpair) is the result of composing unifier and newpair, in this order. The variables tree1, tree2, and node are global variables to the procedure unification. Whenever a new disagreement is resolved in test-and-substitute, we also apply the substitution newpair to tree1 and tree2 to remove the disagreement. This step is not really necessary, since at any time, $dosubstitution(t_1, unifier) = tree1$ and $dosubstitution(t_2, unifier) = tree2$, but it simplifies the algorithm.


Procedure to Unify Two Trees t1 and t2

procedure unification(t1, t2 : tree; var unifiable : boolean;
                      var unifier : substitution);
  var node : treereference; tree1, tree2 : tree;

  procedure test-and-substitute(var node : treereference;
                                var tree1, tree2 : tree;
                                var unifier : substitution; var unifiable : boolean);
    var newpair : substitution;

  {This procedure tests whether the variable tree1(node) belongs
   to the subtree of tree2 rooted at node. If it does, the
   unification fails. Otherwise, a new substitution newpair
   consisting of the subtree tree2/node and the variable
   tree1(node) is formed, the current unifier is composed with
   newpair, and the new pair is added to the unifier.
   To simplify the algorithm, we also apply newpair to tree1
   and tree2 to remove the disagreement}

  begin
    {test whether the variable tree1(node) belongs to the
     subtree tree2/node, known in the literature as "occur check"}
    if tree1(node) ∈ tree2/node then
      unifiable := false
    else
      {create a new substitution pair consisting of the
       subtree tree2/node at address node, and the
       variable tree1(node) at node in tree1}
      newpair := ((tree2/node)/tree1(node));
      {compose the current partial unifier with
       the new pair newpair}
      unifier := compose(unifier, newpair);
      {update the two trees so that they now agree on
       the subtrees at node}
      tree1 := dosubstitution(tree1, newpair);
      tree2 := dosubstitution(tree2, newpair)
    endif
  end test-and-substitute;

  procedure unify(var node : treereference;
                  var unifiable : boolean; var unifier : substitution);
    var newnode : treereference;

  {Procedure unify recursively unifies the subtree
   of tree1 at node and the subtree of tree2 at node}

  begin
    if tree1(node) <> tree2(node) then
      {the labels of tree1(node) and tree2(node) disagree}
      if variable(tree1(node)) or variable(tree2(node)) then
        {one of the two labels is a variable}
        if variable(tree1(node)) then
          test-and-substitute(node, tree1, tree2, unifier, unifiable)
        else
          test-and-substitute(node, tree2, tree1, unifier, unifiable)
        endif
      else
        {the labels of tree1(node) and tree2(node)
         disagree and are not variables}
        unifiable := false
      endif
    endif;
    {At this point, if unifiable = true, the labels at node
     agree. We recursively unify the immediate subtrees of node
     in tree1 and tree2 from left to right, if node is not a leaf}
    if (left(node) <> nil) and unifiable then
      newnode := left(node);
      while (newnode <> nil) and unifiable do
        unify(newnode, unifiable, unifier);
        if unifiable then
          newnode := right(newnode)
        endif
      endwhile
    endif
  end unify;

Body of Procedure Unification

  begin
    tree1 := t1;
    tree2 := t2;
    unifiable := true;
    unifier := nil; {empty unification}
    node := ε; {start from the root}
    unify(node, unifiable, unifier)
  end unification


Note that if successful, the algorithm could also return the tree tree1 (or tree2), which is a most common form of $t_1$ and $t_2$. As presented, the algorithm performs a single parallel traversal, but we also have the cost of the occur check in test-and-substitute, and the cost of the substitutions. Let us illustrate how the algorithm works.


EXAMPLE 8.4.2

Let $t_1 = f(x, f(x, y))$ and $t_2 = f(g(y), f(g(a), z))$, which are represented as trees as follows:

[Tree $t_1$ (drawing omitted): root $f$ with subtrees $x$ and $f(x, y)$]

[Tree $t_2$ (drawing omitted): root $f$ with subtrees $g(y)$ and $f(g(a), z)$]

Initially, $tree1 = t_1$, $tree2 = t_2$ and $node = \epsilon$. The first disagreement is found for $node = 1$. We form $newpair = (g(y)/x)$, and $unifier = newpair$. After applying $newpair$ to $tree1$ and $tree2$, we have:

[Tree $tree1$ (drawing omitted): $f(g(y), f(g(y), y))$]

[Tree $tree2$ (drawing omitted): $f(g(y), f(g(a), z))$]

The next disagreement is found for $node = 211$. We find that $newpair = (a/y)$, and compose $unifier = (g(y)/x)$ with $newpair$, obtaining $(g(a)/x, a/y)$. After applying $newpair$ to $tree1$ and $tree2$, we have:

[Tree $tree1$ (drawing omitted): $f(g(a), f(g(a), a))$]

[Tree $tree2$ (drawing omitted): $f(g(a), f(g(a), z))$]

The last disagreement occurs for $node = 22$. We form $newpair = (a/z)$, and compose $unifier$ with $newpair$, obtaining
$$unifier = (g(a)/x, a/y, a/z).$$

The algorithm stops successfully with the most general unifier $(g(a)/x, a/y, a/z)$, and the trees are unified to the last value of $tree1$.
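The trace of Example 8.4.2, reproduced by an added Python implementation of the algorithm of Definition 8.4.4 (example code, not the book's); it also provides a unify_set function built on the reduction of Lemma 8.4.1. Conventions assumed here that the book leaves open: trees are tuples whose first component is the symbol, a string is a variable iff it starts with one of u, v, w, x, y, z, tree addresses are tuples of 1-based child indices with () for the root, and substitutions are Python dicts, with compose(sigma, theta) applying sigma first as in Definition 8.4.1.

```python
"""Robinson's unification algorithm in the shape of Definition 8.4.4: two
parallel preorder traversals of tree1 and tree2; a repairable disagreement
(a variable against a subtree not containing it) is removed by substituting
into both whole trees and composing the new pair into the unifier; an occur
check failure or a clash of two non-variable labels is fatal.
Trees are strings (variables, constants) or tuples ('f', child1, ...); a tree
address is a tuple of 1-based child indices, () being the root.  Conventions
assumed here, not fixed by the book: a string is a variable iff its first
letter is in "uvwxyz"; every symbol has a single rank; substitutions are dicts."""

def is_var(t):
    return isinstance(t, str) and t[0] in "uvwxyz"

def apply(t, s):
    """dosubstitution(t, s): replace every variable of t that s binds."""
    return s.get(t, t) if isinstance(t, str) else (t[0],) + tuple(apply(a, s) for a in t[1:])

def occurs(x, t):
    """The occur check: does the variable x occur in the tree t?"""
    return t == x if isinstance(t, str) else any(occurs(x, a) for a in t[1:])

def compose(sigma, theta):
    """sigma o theta in the book's order (Definition 8.4.1): sigma first, then theta."""
    out = {v: apply(t, theta) for v, t in sigma.items()}
    for v, t in theta.items():
        out.setdefault(v, t)
    return out

def subtree(t, node):
    """t/node: the subtree of t rooted at the address node."""
    for i in node:
        t = t[i]
    return t

def label(t):
    return t[0] if isinstance(t, tuple) else t

def unification(t1, t2):
    """Returns (unifiable, unifier).  On success apply(t1, unifier) == apply(t2, unifier)
    is a most common instance and unifier is a most general unifier (Theorem 8.4.1)."""
    st = {"tree1": t1, "tree2": t2, "unifier": {}, "unifiable": True}

    def test_and_substitute(node, a, b):
        # st[a]/node is a variable x, st[b]/node the subtree t it disagrees with
        x, t = subtree(st[a], node), subtree(st[b], node)
        if occurs(x, t):                          # fatal disagreement of type (1)(ii)
            st["unifiable"] = False
            return
        newpair = {x: t}                           # the substitution component (t/x)
        st["unifier"] = compose(st["unifier"], newpair)
        st["tree1"] = apply(st["tree1"], newpair)  # both trees now agree at node
        st["tree2"] = apply(st["tree2"], newpair)

    def unify(node):
        s, t = subtree(st["tree1"], node), subtree(st["tree2"], node)
        if label(s) != label(t):
            if is_var(s):
                test_and_substitute(node, "tree1", "tree2")
            elif is_var(t):
                test_and_substitute(node, "tree2", "tree1")
            else:                                  # fatal disagreement of type (1)(i)
                st["unifiable"] = False
        if not st["unifiable"]:
            return
        s = subtree(st["tree1"], node)             # re-read: the trees may have been rewritten
        for i in range(1, len(s) if isinstance(s, tuple) else 0):   # left(node), right(...)
            unify(node + (i,))
            if not st["unifiable"]:
                return

    unify(())
    return st["unifiable"], st["unifier"]

def unify_set(trees):
    """Unify any finite set of trees via Lemma 8.4.1: unify #(t1,...,tm) with
    #(t1,...,t1), where '#' is a symbol occurring in none of the trees."""
    trees = list(trees)
    return unification(('#',) + tuple(trees), ('#',) + (trees[0],) * len(trees))

# Constructed inputs: the two trees of Example 8.4.2.
T1 = ('f', 'x', ('f', 'x', 'y'))
T2 = ('f', ('g', 'y'), ('f', ('g', 'a'), 'z'))

if __name__ == "__main__":
    print(unification(T1, T2))    # Example 8.4.2: unifier (g(a)/x, a/y, a/z)
    print(unification(('f', 'x', ('g', 'y')), ('f', ('g', 'u'), ('h', 'z'))))      # 8.4.1 (ii): clash
    print(unification(('f', 'x', ('g', 'x'), 'x'), ('f', ('g', 'u'), ('g', ('g', 'z')), 'z')))  # (iii): occur check
```

On Example 8.4.1 (i) the code returns $(g(u)/x, z/y)$ where the book gives $(g(u)/x, y/z)$; the two differ only by a bijective renaming of variables, which is exactly the freedom Lemma 8.4.2 allows between most general unifiers. Run on the third set of problem 8.4.2, $\{P(x, g(x)), P(y, y)\}$, unify_set fails in the occur check, as the hand argument of Example 8.4.1 (iii) predicts.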


In order to prove the correctness of the unification algorithm, the following lemma will be needed.

Lemma 8.4.3 Let $\#$ be any constant. Given any two trees $f(s_1, \ldots, s_n)$ and $f(t_1, \ldots, t_n)$ the following properties hold:

(a) For any $i$, $1 \leq i \leq n$, if $\sigma$ is a most general unifier for the trees $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$, then $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$ are unifiable iff $\sigma(f(s_1, \ldots, s_i, \#, \ldots, \#))$ and $\sigma(f(t_1, \ldots, t_i, \#, \ldots, \#))$ are unifiable.

(b) For any $i$, $1 \leq i \leq n$, if $\sigma$ is a most general unifier for the trees $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$, and $\theta$ is a most general unifier for the trees $\sigma(s_i)$ and $\sigma(t_i)$, then $\sigma \circ \theta$ is a most general unifier for the trees $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$.

Proof: (a) The case $i = 1$ is trivial. Clearly, if $\sigma$ is a most general unifier for the trees $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$ and if the trees $\sigma(f(s_1, \ldots, s_i, \#, \ldots, \#))$ and $\sigma(f(t_1, \ldots, t_i, \#, \ldots, \#))$ are unifiable, then $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$ are unifiable.

We now prove the other direction. Let $\theta$ be a unifier for
$$f(s_1, \ldots, s_i, \#, \ldots, \#) \quad\text{and}\quad f(t_1, \ldots, t_i, \#, \ldots, \#).$$
Then,
$$\theta(s_1) = \theta(t_1), \ldots, \theta(s_i) = \theta(t_i).$$
Hence, $\theta$ is a unifier for
$$f(s_1, \ldots, s_{i-1}, \#, \ldots, \#) \quad\text{and}\quad f(t_1, \ldots, t_{i-1}, \#, \ldots, \#).$$
Since $\sigma$ is a most general unifier, there is some $\theta'$ such that $\theta = \sigma \circ \theta'$. Then,
$$\theta'(\sigma(f(s_1, \ldots, s_i, \#, \ldots, \#))) = \theta(f(s_1, \ldots, s_i, \#, \ldots, \#)) = \theta(f(t_1, \ldots, t_i, \#, \ldots, \#)) = \theta'(\sigma(f(t_1, \ldots, t_i, \#, \ldots, \#))),$$
which shows that $\theta'$ unifies
$$\sigma(f(s_1, \ldots, s_i, \#, \ldots, \#)) \quad\text{and}\quad \sigma(f(t_1, \ldots, t_i, \#, \ldots, \#)).$$

(b) Again, the case $i = 1$ is trivial. Otherwise, clearly,
$$\sigma(s_1) = \sigma(t_1), \ldots, \sigma(s_{i-1}) = \sigma(t_{i-1}) \quad\text{and}\quad \theta(\sigma(s_i)) = \theta(\sigma(t_i))$$
implies that $\sigma \circ \theta$ is a unifier of
$$f(s_1, \ldots, s_i, \#, \ldots, \#) \quad\text{and}\quad f(t_1, \ldots, t_i, \#, \ldots, \#).$$
If $\lambda$ unifies $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$, then
$$\lambda(s_1) = \lambda(t_1), \ldots, \lambda(s_i) = \lambda(t_i).$$
Hence, $\lambda$ unifies
$$f(s_1, \ldots, s_{i-1}, \#, \ldots, \#) \quad\text{and}\quad f(t_1, \ldots, t_{i-1}, \#, \ldots, \#).$$
Since $\sigma$ is a most general unifier of these two trees, there is some $\sigma'$ such that $\lambda = \sigma \circ \sigma'$. But then, since $\lambda(s_i) = \lambda(t_i)$, we have $\sigma'(\sigma(s_i)) = \sigma'(\sigma(t_i))$, and since $\theta$ is a most general unifier of $\sigma(s_i)$ and $\sigma(t_i)$, there is some $\theta'$ such that $\sigma' = \theta \circ \theta'$. Hence,
$$\lambda = \sigma \circ (\theta \circ \theta') = (\sigma \circ \theta) \circ \theta',$$
which proves that $\sigma \circ \theta$ is a most general unifier of $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$.


We will now prove the correctness of the unification algorithm. 


Theorem 8.4.1 (Correctness of the unification algorithm) (i) Given any two finite trees $t_1$ and $t_2$, the unification algorithm always halts. It halts with output $unifiable = true$ iff $t_1$ and $t_2$ are unifiable.

(ii) If $t_1$ and $t_2$ are unifiable, then they have a most general unifier and the output of procedure unify is a most general unifier.

Proof: Clearly, the procedure test-and-substitute always terminates, and we only have to prove the termination of the unify procedure. The difficulty in proving termination is that the trees $tree1$ and $tree2$ may grow. However, this can only happen if test-and-substitute is called, and in that case, since $unifiable$ is not false iff the variable $x = tree1(node)$ does not belong to $t = tree2/node$, after the substitution of $t$ for all occurrences of $x$ in both $tree1$ and $tree2$, the variable $x$ has been completely eliminated from both $tree1$ and $tree2$. This suggests to try a proof by induction over the well-founded lexicographic ordering $\ll$ defined such that, for all pairs $(m, t)$ and $(m', t')$, where $m, m'$ are natural numbers and $t, t'$ are finite trees,
$$(m, t) \ll (m', t') \text{ iff either } m < m', \text{ or } m = m' \text{ and } t \text{ is a proper subtree of } t'.$$


We shall actually prove the input-output correctness assertion stated below for the procedure unify.

Let $s_0$ and $t_0$ be two given finite trees, $\sigma$ a substitution such that none of the variables in the support of $\sigma$ is in $\sigma(s_0)$ or $\sigma(t_0)$, $u$ any tree address in both $dom(\sigma(s_0))$ and $dom(\sigma(t_0))$, and let $s = \sigma(s_0)/u$ and $t = \sigma(t_0)/u$. Let $tree1_0$, $tree2_0$, $node_0$, $unifiable_0$ and $unifier_0$ be the input values of the variables $tree1$, $tree2$, $node$, $unifiable$, and $unifier$, and $tree1'$, $tree2'$, $node'$, $unifiable'$ and $unifier'$ be their output values (if any). Also, let $m_0$ be the sum of the number of variables in $\sigma(s_0)$ and $\sigma(t_0)$, and $m'$ the sum of the number of variables in $tree1'$ and $tree2'$.

Correctness assertion:

If $tree1_0 = \sigma(s_0)$, $tree2_0 = \sigma(t_0)$, $node_0 = u$, $unifiable_0 = true$ and $unifier_0 = \sigma$, then the following holds:

(1) The procedure unify always terminates;

(2) $unifiable' = true$ iff $s$ and $t$ are unifiable and, if $unifiable' = true$, then $unifier' = \sigma \circ \theta$, where $\theta$ is a most general unifier of $s$ and $t$, $tree1' = unifier'(s_0)$, $tree2' = unifier'(t_0)$, and no variable in the support of $unifier'$ occurs in $tree1'$ or $tree2'$.

(3) If $tree1' \neq \sigma(s_0)$ or $tree2' \neq \sigma(t_0)$ then $m' < m_0$, else $m' = m_0$.

Proof of assertion: We proceed by complete induction on $(m, s)$, where $m$ is the sum of the number of variables in $tree1$ and $tree2$ and $s$ is the subtree $tree1/node$.


(i) Assume that $s$ is a constant and $t$ is not a variable, the case in which $t$ is a constant being similar. Then $u$ is a leaf node in $\sigma(s_0)$. If $t \neq s$, the comparison of $tree1(node)$ and $tree2(node)$ fails, and $unifiable$ is set to false. The procedure terminates with failure. If $s = t$, since $u$ is a leaf node in $\sigma(s_0)$ and $\sigma(t_0)$, the procedure terminates with success, $tree1' = \sigma(s_0)$, $tree2' = \sigma(t_0)$, and $unifier' = \sigma$. Hence the assertion holds with the identity substitution for $\theta$.

(ii) Assume that $s$ is a variable say $x$, the case in which $t$ is a variable being similar. Then $u$ is a leaf node in $\sigma(s_0)$. If $t = s$, this case reduces to case (i). Otherwise, $t \neq x$ and the occur check is performed in test-and-substitute. If $x$ occurs in $t$, then $unifiable$ is set to false, and the procedure terminates. In this case, it is clear that $x$ and $t$ are not unifiable, and the assertion holds. Otherwise, the substitution $\theta = (t/x)$ is created, $unifier' = \sigma \circ \theta$, and $tree1' = \theta(\sigma(s_0)) = unifier'(s_0)$, $tree2' = \theta(\sigma(t_0)) = unifier'(t_0)$. Clearly, $\theta$ is a most general unifier of $x$ and $t$, and since $x$ does not occur in $t$, since no variable in the support of $\sigma$ occurs in $\sigma(s_0)$ or $\sigma(t_0)$, no variable in the support of $unifier'$ occurs in $tree1' = \theta(\sigma(s_0))$ or $tree2' = \theta(\sigma(t_0))$. Since the variable $x$ does not occur in $tree1'$ and $tree2'$, (3) also holds. Hence, the assertion holds.

(iii) Both $s$ and $t$ have depth $\geq 1$. Assume that $s = f(s_1, \ldots, s_m)$ and $t = f'(t_1, \ldots, t_n)$. If $f \neq f'$, the test $tree1(node) = tree2(node)$ fails, and unify halts with failure. Clearly, $s$ and $t$ are not unifiable, and the claim holds. Otherwise, $s = f(s_1, \ldots, s_n)$ and $t = f(t_1, \ldots, t_n)$.

We shall prove the following claim by induction:

Claim: (1) For every $i$, $1 \leq i \leq n+1$, the first $i - 1$ recursive calls in the while loop in unify halt with success iff $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$ are unifiable, and otherwise one of the calls halts with failure;

(2) If the first $i - 1$ recursive calls halt with success, the input values at the end of the $(i-1)$-th iteration are:
$$node_i = ui, \quad unifiable_i = true, \quad unifier_i = \sigma \circ \theta_{i-1},$$
where $\theta_{i-1}$ is a most general unifier for the trees $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$ (with $\theta_0 = Id$, the identity substitution),
$$tree1_i = unifier_i(s_0), \quad tree2_i = unifier_i(t_0),$$
and no variable in the support of $unifier_i$ occurs in $tree1_i$ or $tree2_i$.

(3) If $tree1_i \neq tree1_0$ or $tree2_i \neq tree2_0$, if $m_i$ is the sum of the number of variables in $tree1_i$ and $tree2_i$, then $m_i < m_0$.

Proof of claim: For $i = 1$, the claim holds because before entering the while loop for the first time,
$$tree1_1 = \sigma(s_0), \quad tree2_1 = \sigma(t_0), \quad node_1 = u1, \quad unifier_1 = \sigma, \quad unifiable_1 = true.$$

Now, for the induction step. We only need to consider the case where the first $i - 1$ recursive calls were successful. If we have $tree1_i = tree1_0$ and $tree2_i = tree2_0$, then we can apply the induction hypothesis for the assertion to the address $ui$, since $tree1_0/ui$ is a proper subtree of $tree1_0/u$. Otherwise, $m_i < m_0$, and we can also apply the induction hypothesis for the assertion to address $ui$. Note that
$$tree1_i/u = \theta_{i-1}(f(s_1, \ldots, s_i, \ldots, s_n)) \quad\text{and}\quad tree2_i/u = \theta_{i-1}(f(t_1, \ldots, t_i, \ldots, t_n)),$$
since $unifier_i = \sigma \circ \theta_{i-1}$.

By lemma 8.4.3(a), since $\theta_{i-1}$ is a most general unifier for the trees $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$, then $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$ are unifiable iff $\theta_{i-1}(f(s_1, \ldots, s_i, \#, \ldots, \#))$ and $\theta_{i-1}(f(t_1, \ldots, t_i, \#, \ldots, \#))$ are unifiable.

Hence, unify halts with success for this call for address $ui$, iff $f(s_1, \ldots, s_i, \#, \ldots, \#)$ and $f(t_1, \ldots, t_i, \#, \ldots, \#)$ are unifiable. Otherwise, unify halts with failure. This proves part (1) of the claim.

By part (2) of the assertion, the output value of the variable $unifier$ is of the form $unifier_i \circ \lambda_i$, where $\lambda_i$ is a most general unifier for $\theta_{i-1}(s_i)$ and $\theta_{i-1}(t_i)$ (the subtrees at $ui$), and since $\theta_{i-1}$ is a most general unifier for $f(s_1, \ldots, s_{i-1}, \#, \ldots, \#)$ and $f(t_1, \ldots, t_{i-1}, \#, \ldots, \#)$, $\lambda_i$ is a most general unifier for
$$\theta_{i-1}(f(s_1, \ldots, s_i, \#, \ldots, \#)) \quad\text{and}\quad \theta_{i-1}(f(t_1, \ldots, t_i, \#, \ldots, \#)).$$
By lemma 8.4.3(b), $\theta_{i-1} \circ \lambda_i$ is a most general unifier for
$$f(s_1, \ldots, s_i, \#, \ldots, \#) \quad\text{and}\quad f(t_1, \ldots, t_i, \#, \ldots, \#).$$
Letting
$$\theta_i = \theta_{i-1} \circ \lambda_i,$$
it is easily seen that part (2) of the claim is satisfied. By part (3) of the assertion, part (3) of the claim also holds.

This concludes the proof of the claim.

For $i = n + 1$, we see that all the recursive calls in the while loop halt successfully iff $s$ and $t$ are unifiable, and if $s$ and $t$ are unifiable, when the loop is exited, we have
$$unifier_{n+1} = \sigma \circ \theta_n,$$
where $\theta_n$ is a most general unifier of $s$ and $t$,
$$tree1_{n+1} = unifier_{n+1}(s_0), \quad tree2_{n+1} = unifier_{n+1}(t_0),$$
and part (3) of the assertion also holds. This concludes the proof of the assertion.

But now, we can apply the assertion to the input trees $t_1$ and $t_2$, with $u = \epsilon$, and $\sigma$ the identity substitution. The correctness assertion says that unify always halts, and if it halts with success, the output variable $unifier$ is a most general unifier for $t_1$ and $t_2$. This concludes the correctness proof.


The subject of unification is the object of current research because fast 
unification is crucial for the efficiency of programming logic systems such 
as PROLOG. Some fast unification algorithms have been published such as 
Paterson and Wegman, 1978; Martelli and Montanari, 1982; and Huet, 1976. 
For a survey on unification, see the article by Siekmann in Shostak, 1984a. 
Huet, 1976, also contains a thorough study of unification, including higher- 
order unification. 


PROBLEMS 


8.4.1. Convert the following formulae to clause form:
$$\forall y \exists x \,(P(y,x) \lor \lnot Q(y,x) \land \forall x \,(\lnot P(x,y) \lor Q(x,y)))$$
$$\forall x \,((\exists y P(x,y) \land \lnot Q(y,z)) \lor (\forall y \exists z \,(R(x,y,z) \land \lnot Q(y,z))))$$
$$\lnot (\forall x \exists y P(x,y) \supset (\forall y \exists z \lnot Q(x,z) \land \forall y \lnot \forall z R(y,z)))$$
$$\forall x \exists y \forall z \,(\exists u \,(Q(x,u) \lor R(x,y)) \equiv \lnot \exists w \lnot \exists u \,(Q(x,w) \land \lnot R(x,u)))$$

8.4.2. Apply the unification algorithm to the following clauses:
$$\{P(x,y), P(y,f(z))\}$$
$$\{P(x,y,f(y)), P(z,z,u)\}$$
$$\{P(x,g(x)), P(y,y)\}$$
$$\{P(x,g(x),y), P(z,u,g(u))\}$$
$$\{P(g(x),y), P(y,y), P(u,f(w))\}$$

8.4.3. Let $S$ and $T$ be two finite sets of terms such that the set of variables occurring in $S$ is disjoint from the set of variables occurring in $T$. Prove that if $S \cup T$ is unifiable, $\sigma_S$ is a most general unifier of $S$, $\sigma_T$ is a most general unifier of $T$, and $\sigma_{S,T}$ is a most general unifier of $\sigma_S(S) \cup \sigma_T(T)$, then
$$\sigma_S \circ \sigma_T \circ \sigma_{S,T}$$
is a most general unifier of $S \cup T$.

8.4.4. Show that the most general unifier of the following two trees contains a tree with $2^{n-1}$ occurrences of the variable $x_1$:
$$f(g(x_1,x_1), g(x_2,x_2), \ldots, g(x_{n-1},x_{n-1})) \quad\text{and}\quad f(x_2, x_3, \ldots, x_n).$$

* 8.4.5. Define the relation $\leq$ on terms as follows: Given any two terms $t_1$, $t_2$,
$$t_1 \leq t_2 \text{ iff there is a substitution } \sigma \text{ such that } t_2 = \sigma(t_1).$$
Define the relation $\cong$ such that
$$t_1 \cong t_2 \text{ iff } t_1 \leq t_2 \text{ and } t_2 \leq t_1.$$

(a) Prove that $\leq$ is reflexive and transitive and that $\cong$ is an equivalence relation.

(b) Prove that $t_1 \cong t_2$ iff there is a bijective renaming of variables $\rho$ such that $t_1 = \rho(t_2)$. Show that the relation $\leq$ induces a partial ordering on the set of equivalence classes of terms modulo the equivalence relation $\cong$.

(c) Prove that two terms have a least upper bound iff they have a most general unifier (use a separating substitution, see Section 8.5).

(d) Prove that any two terms always have a greatest lower bound.

Remark: The structure of the set of equivalence classes of terms modulo $\cong$ under the partial ordering $\leq$ has been studied extensively in Huet, 1976. Huet has shown that this set is well founded, that every subset has a greatest lower bound, and that every bounded subset has a least upper bound.


8.5 The Resolution Method for First-Order Logic 


Recall that we are considering first-order languages without equality. Also, 
recall that even though we usually omit quantifiers, clauses are universally 
quantified sentences. We extend the definition of a resolvent given in definition 
4.3.2 to arbitrary clauses using the notion of a most general unifier. 


8.5.1 Definition of the Method 


First, we define the concept of a separating pair of substitutions. 
Definition 8.5.1 Given two clauses A and A', a separating pair of substi- 
tutions is a pair of substitutions ρ and ρ' such that: 

ρ has support FV(A), ρ' has support FV(A'), for every variable x in A, 
ρ(x) is a variable, for every variable y in A', ρ'(y) is a variable, ρ and ρ' are 
bijections, and the range of ρ and the range of ρ' are disjoint. 

Given a set S of literals, we say that S is positive if all literals in S are 
atomic formulae, and we say that S is negative if all literals in S are negations 
of atomic formulae. If a set S is positive or negative, we say that the literals in 
S are of the same sign. Given a set of literals S = {A1, ..., Am}, the conjugate 
of S is defined as the set 

S̄ = {Ā1, ..., Ām} 

of conjugates of literals in S. If S is a positive set of literals we let |S| = S, 
and if S is a negative set of literals, we let |S| = S̄. 


Definition 8.5.2 Given two clauses A and B, a clause C is a resolvent of 
A and B iff the following holds: 

(i) There is a subset A' = {A1, ..., Am} ⊆ A of literals all of the same 
sign, a subset B' = {B1, ..., Bn} ⊆ B of literals all of the opposite sign of the 
set A', and a separating pair of substitutions (ρ, ρ') such that the set 

|ρ(A') ∪ ρ'(B')| 

is unifiable; 

(ii) For some most general unifier σ of the set 

|ρ(A') ∪ ρ'(B')|, 

we have 

C = σ(ρ(A − A') ∪ ρ'(B − B')). 


EXAMPLE 8.5.1 

Let 
A = {¬P(z, a), ¬P(z, x), ¬P(x, z)} and 
B = {P(z, f(z)), P(z, a)}. 
Let 
A' = {¬P(z, a), ¬P(z, x)} and B' = {P(z, a)}, 
ρ = (z1/z), ρ' = (z2/z). 
Then, 

|ρ(A') ∪ ρ'(B')| = {P(z1, a), P(z1, x), P(z2, a)} 

is unifiable, 

σ = (z1/z2, a/x) 

is a most general unifier, and 

C = {¬P(a, z1), P(a, f(a))} 

is a resolvent of A and B. 
If we take A' = A, B' = {P(z, a)}, 

|ρ(A') ∪ ρ'(B')| = {P(z1, a), P(z1, x), P(x, z1), P(z2, a)} 

is also unifiable, 

σ = (a/z1, a/z2, a/x) 

is the most general unifier, and 

C = {P(a, f(a))} 

is a resolvent. 
Hence, two clauses may have several resolvents. 


The generalization of definition 4.3.3 of a resolution DAG to the first- 
order case is now obvious. 


Definition 8.5.3 Given a set S = {C1, ..., Cn} of first-order clauses, a res- 
olution DAG for S is any finite set 

G = {(t1, R1), ..., (tm, Rm)} 

of distinct DAGs labeled in the following way: 

(1) The leaf nodes of each underlying tree ti are labeled with clauses in S. 

(2) For every DAG (ti, Ri), every nonleaf node u in ti is labeled with 
some triple (C, (ρ, ρ'), σ), where C is a clause, (ρ, ρ') is a separating pair of 
substitutions, σ is a substitution and the following holds: 

For every nonleaf node u in ti, u has exactly two successors u1 and u2, 
and if u1 is labeled with a clause C1 and u2 is labeled with a clause C2 (not 
necessarily distinct from C1), then u is labeled with the triple (C, (ρ, ρ'), σ), 
where (ρ, ρ') is a separating pair of substitutions for C1 and C2 and C is the 
resolvent of C1 and C2 obtained with the most general unifier σ. 

A resolution DAG is a resolution refutation iff it consists of a single DAG 
(t, R) whose root is labeled with the empty clause. The nodes of a DAG that 
are not leaves are also called resolution steps. 

We will often use a simplified form of the above definition by dropping 
(ρ, ρ') and σ from the interior nodes, and consider that nodes are labeled with 
clauses. This has the effect that it is not always obvious how a resolvent is 
obtained. 


EXAMPLE 8.5.2 
Consider the following clauses: 
C1 = {¬P(z1, a), ¬P(z1, x), ¬P(x, z1)}, 
C2 = {P(z2, f(z2)), P(z2, a)} and 
C3 = {P(f(z3), z3), P(z3, a)}. 

The following is a resolution refutation (drawn as a DAG in the original, 
with leaves C2, C1 and C3; each resolution step is listed here with its two 
premises, which are determined by the substitution shown): 

from C2 and C1: ({P(a, f(a))}, (Id, Id), (a/z1, a/z2, a/x)) 
from C1 and C3: ({P(f(a), a)}, (Id, Id), (a/z1, a/x, a/z3)) 
from C1 and {P(f(a), a)}: ({¬P(a, f(a))}, (Id, Id), (f(a)/z1, a/x)) 
from {P(a, f(a))} and {¬P(a, f(a))}: (□, (Id, Id), Id) 


8.5.2 Soundness of the Resolution Method 


In order to prove the soundness of the resolution method, we prove the fol- 
lowing lemma, analogous to lemma 4.3.1. 


Lemma 8.5.1 Given two clauses A and B, let C = σ(ρ(A − A') ∪ ρ'(B − 
B')) be any resolvent of A and B, for some subset A' ⊆ A of literals of A, 
subset B' ⊆ B of literals of B, separating pair of substitutions (ρ, ρ'), with 
ρ = (z1/x1, ..., zm/xm), ρ' = (z_{m+1}/y1, ..., z_{m+n}/yn) and most general unifier 
σ = (t1/u1, ..., tk/uk), where {u1, ..., uk} is a subset of {z1, ..., z_{m+n}}. Also, 
let {v1, ..., vp} = FV(C). Then, 

⊨ (∀x1...∀xmA ∧ ∀y1...∀ynB) ⊃ ∀v1...∀vpC. 

Proof: We show that we can construct a G-proof for 

(∀x1...∀xmA ∧ ∀y1...∀ynB) ⊃ ∀v1...∀vpC. 

Note that {z1, ..., z_{m+n}} − {u1, ..., uk} is a subset of {v1, ..., vp}. First, we 
perform p ∀: right steps using p entirely new variables w1, ..., wp. Let 

σ' = σ ∘ (w1/v1, ..., wp/vp) = (t1'/z1, ..., t'_{m+n}/z_{m+n}) 

be the substitution obtained by composing σ and the substitution replacing 
each occurrence of the variable vi by the variable wi. Then, note that the 
support of σ' is disjoint from the set {w1, ..., wp}, which means that for every 
tree t, 

σ'(t) = t[t1'/z1]...[t'_{m+n}/z_{m+n}] 

(the order being irrelevant). At this point, we have the sequent 

(∀x1...∀xmA ∧ ∀y1...∀ynB) → σ'(ρ(A − A')), σ'(ρ'(B − B')). 

Then apply the ∧: left rule, obtaining 

∀x1...∀xmA, ∀y1...∀ynB → σ'(ρ(A − A')), σ'(ρ'(B − B')). 

At this point, we apply m+n ∀: left rules as follows: If ρ(xi) is some variable 
uj, do the substitution tj/xi, else ρ(xi) is some variable vj not in {u1, ..., uk}, 
do the substitution wj/vj. 

If ρ'(yi) is some variable uj, do the substitution tj/yi, else ρ'(yi) is some 
variable vj not in {u1, ..., uk}, do the substitution wj/vj. 

It is easy to verify that at the end of these steps, we have the sequent 

(σ'(ρ(A − A')), Q), (σ'(ρ'(B − B')), Q̄) → σ'(ρ(A − A')), σ'(ρ'(B − B')) 

where Q = σ'(ρ(A')) and Q̄ = σ'(ρ'(B')) are conjugate literals, because σ is 
a most general unifier of the set |ρ(A') ∪ ρ'(B')|. 

Hence, we have a quantifier-free sequent of the form 

(A1 ∨ Q), (A2 ∨ ¬Q) → A1, A2, 

and we conclude that this sequent is valid using the proof of lemma 4.3.1. 

As a consequence, we obtain the soundness of the resolution method. 

Lemma 8.5.2 (Soundness of resolution without equality) If a set S of clauses 
has a resolution refutation DAG, then S is unsatisfiable. 

Proof: The proof is identical to the proof of lemma 4.3.2, but using 
lemma 8.5.1, as opposed to lemma 4.3.1. 
8.5.3 Completeness of the Resolution Method 


In order to prove the completeness of the resolution method for first-order 
languages without equality, we shall prove the following lifting lemma. 


Lemma 8.5.3 (Lifting lemma) Let A and B be two clauses, σ1 and σ2 two 
substitutions such that σ1(A) and σ2(B) are ground, and assume that D is a 
resolvent of the ground clauses σ1(A) and σ2(B). Then, there is a resolvent 
C of A and B and a substitution θ such that D = θ(C). 


Proof: First, let (ρ, ρ') be a separating pair of substitutions for A and 
B. Since ρ and ρ' are bijections they have inverses ρ^{-1} and ρ'^{-1}. Let σ be 
the substitution formed by the union of ρ^{-1} ∘ σ1 and ρ'^{-1} ∘ σ2, which is well 
defined, since the supports of ρ^{-1} and ρ'^{-1} are disjoint. It is clear that 

σ(ρ(A)) = σ1(A) and σ(ρ'(B)) = σ2(B). 

Hence, we can work with ρ(A) and ρ'(B), whose sets of variables are disjoint. 
If D is a resolvent of the clauses σ1(A) and σ2(B), there is a ground literal Q 
such that σ(ρ(A)) contains Q and σ(ρ'(B)) contains its conjugate. Assume 
that Q is positive, the case in which Q is negative being similar. Then, there 
must exist subsets A' = {A1, ..., Am} of A and B' = {¬B1, ..., ¬Bn} of B, 
such that 

σ(ρ(A1)) = ... = σ(ρ(Am)) = σ(ρ'(B1)) = ... = σ(ρ'(Bn)) = Q, 

and σ is a unifier of ρ(A') ∪ ρ'(B'). By theorem 8.4.1, there is a most general 
unifier λ and a substitution θ such that 

σ = λ ∘ θ. 

Let C be the resolvent 

C = λ(ρ(A − A') ∪ ρ'(B − B')). 

Clearly, 

D = (σ(ρ(A)) − {Q}) ∪ (σ(ρ'(B)) − {¬Q}) 
  = σ(ρ(A − A') ∪ ρ'(B − B')) 
  = θ(λ(ρ(A − A') ∪ ρ'(B − B'))) = θ(C). 


Using the above lemma, we can now prove the following lemma which 
shows that resolution DAGs of ground instances of clauses can be lifted to 
resolution DAGs using the original clauses. 


Lemma 8.5.4 (Lifting lemma for resolution refutations) Let S be a finite 
set of clauses, and S_g be a set of ground instances of S, so that every clause in 
S_g is of the form σi(Ci) for some clause Ci in S and some ground substitution 
σi. 

For any resolution DAG H_g for S_g, there is a resolution DAG H for S, 
such that the DAG H_g is a homomorphic image of the DAG H in the following 
sense: 

There is a function F : H → H_g from the set of nodes of H to the set of 
nodes of H_g, such that, for every node u in H, if u1 and u2 are the immediate 
descendants of u, then F(u1) and F(u2) are the immediate descendants of 
F(u), and if the clause C (not necessarily in S_g) is the label of u, then F(u) 
is labeled by the clause θ(C), where θ is some ground substitution. 

Proof: We prove the lemma by induction on the underlying tree of H_g. 

(i) If H_g has a single resolution step, we have clauses σ1(A), σ2(B) and 
their resolvent D. By lemma 8.5.3, there exists a resolvent C of A and B 
and a substitution θ such that θ(C) = D. Note that it is possible that A and 
B are distinct, but σ1(A) and σ2(B) are not. In the first case, we have the 
following DAGs: 

[Figure: the DAG H_g has a single leaf, labeled σ1(A) = σ2(B), with two 
edges to the root labeled D; the DAG H has two leaves 1 and 2, labeled A 
and B, and a root e labeled C.] 

The homomorphism F is such that F(e) = e, F(1) = 1 and F(2) = 1. 

In the second case, σ1(A) ≠ σ2(B), but we could have A = B. Whether 
or not A = B, we create the following DAG H with three distinct nodes, so 
that the homomorphism is well defined: 

[Figure: the DAG H_g has two leaves labeled σ1(A) and σ2(B) and a root 
labeled D; the DAG H has two leaves labeled A and B and a root labeled C.] 

The homomorphism F is the identity on nodes. 
(ii) If H_g has more than one resolution step, it is of the form either 
(ii) (a) 

[Figure: the DAG H_g consists of two sub-DAGs G1 and G2, rooted at nodes 
labeled A' and B', and a root labeled D with an edge to each of them] 

where A' and B' are distinct, or of the form 
(ii) (b) 

[Figure: the DAG H_g consists of a single sub-DAG G1, rooted at a node 
labeled A' = B', and a root labeled D with both of its edges going to that node] 

if A' = B'. 

(a) In the first case, by the induction hypothesis, there are DAGs H1 
and H2 and homomorphisms F1 : H1 → G1 and F2 : H2 → G2, where H1 is 
rooted with some formula A and H2 is rooted with some formula B, and for 
some ground substitutions θ1 and θ2, we have A' = θ1(A) and B' = θ2(B). 
By lemma 8.5.3, there is a resolvent C of A and B and a substitution θ such 
that θ(C) = D. We can construct H as the DAG obtained by making C the 
root, and even if A = B, by creating two distinct nodes 1 and 2, with 1 
labeled A and 2 labeled B: 

[Figure: the DAG H consists of the sub-DAGs H1 and H2, rooted at nodes 1 
and 2 labeled A and B, and a root e labeled C with an edge to each of them] 

The homomorphism F : H → H_g is defined such that F(e) = e, F(1) = 
1, F(2) = 2, and it behaves like F1 on H1 and like F2 on H2. The root clause 
C is mapped to θ(C) = D. 

(b) In the second case, by the induction hypothesis, there is a DAG H1 
rooted with some formula A and a homomorphism F1 : H1 → G1, and for 
some ground substitution θ1, we have A' = θ1(A). By lemma 8.5.3, there is 
a resolvent C of A with itself, and a substitution θ such that θ(C) = D. It is 
clear that we can form H so that C is a root node with two edges connected to 
A, and F is the homomorphism such that F(e) = e, F(1) = 1, and F behaves 
like F1 on H1. 

[Figure: the DAG H consists of the sub-DAG H1, rooted at node 1 labeled A, 
and a root e labeled C whose two edges both go to node 1] 

The clause C is mapped onto D = θ(C). This concludes the proof. 
EXAMPLE 8.5.3 

The following shows a lifting of the ground resolution of example 8.3.1 
for the clauses: 

C1 = {¬P(z1, a), ¬P(z1, x), ¬P(x, z1)} 
C2 = {P(z2, f(z2)), P(z2, a)} 
C3 = {P(f(z3), z3), P(z3, a)}. 

Recall that the ground instances are 

G1 = {¬P(a, a)} 
G2 = {P(a, f(a)), P(a, a)} 
G3 = {P(f(a), a)} 
G4 = {¬P(f(a), a), ¬P(a, f(a))}, 

and the substitutions are 

σ1 = (a/z2) 
σ2 = (a/z1, a/x) 
σ3 = (a/z3) 
σ4 = (f(a)/z1, a/x). 

[Figure: ground resolution refutation H_g for the set of ground clauses 
G1, G2, G3, G4, with leaves G2, G1, G3, G4, the intermediate clause 
{¬P(a, f(a))}, and the empty clause at the root.] 

[Figure: lifting H of the above resolution refutation for the clauses 
C1, C2, C3, with the intermediate clause {¬P(a, f(a))} and the empty 
clause at the root.] 

The homomorphism is the identity on the nodes, and the substitutions 
are (a/z2) for node 11 labeled C2, (a/z1, a/x) for node 12 labeled C1, 
(a/z3) for node 212 labeled C3, and (f(a)/z1, a/x) for node 22 labeled 
C1. 

Note that this DAG is not as concise as the DAG of example 8.5.1. This 
is because it has been designed so that there is a homomorphism from 
H to H_g. 


As a consequence of the lifting theorem, we obtain the completeness of 
resolution. 


Theorem 8.5.1 (Completeness of resolution, without equality) If a finite 
set S of clauses is unsatisfiable, then there is a resolution refutation for S. 


Proof: By the Skolem-Herbrand-Gödel theorem (theorem 7.6.1, or its 
corollary), S is unsatisfiable iff a conjunction S_g of ground substitution in- 
stances of clauses in S is unsatisfiable. By the completeness of ground reso- 
lution (lemma 8.3.1), there is a ground resolution refutation H_g for S_g. By 
lemma 8.5.4, this resolution refutation can be lifted to a resolution refutation 
H for S. This concludes the proof. 


Actually, we can also prove the following type of Herbrand theorem for 
the resolution method, using the constructive nature of lemma 7.6.2. 


Theorem 8.5.2 (A Herbrand-like theorem for resolution) Consider a first- 
order language without equality. Given any prenex sentence A whose matrix 
is in CNF, if A → is LK-provable, then a resolution refutation of the clause 
form of A can be obtained constructively. 

Proof: By lemma 7.6.2, a compound instance C of the Skolem form B 
of A can be obtained constructively. Observe that the Skolem form B of A is 
in fact a clause form of A, since A is in CNF. But C is in fact a conjunction of 
ground instances of the clauses in the clause form of A. Since ¬C is provable, 
the search procedure will give a proof that can be converted to a GCNF'- 
proof. Since theorem 4.3.1 is constructive, we obtain a ground resolution 
refutation H_g. By the lifting lemma 8.5.4, a resolution refutation H can 
be constructively obtained for S_g. Hence, we have shown that a resolution 
refutation for the clause form of A can be constructively obtained from an 
LK-proof of A →. 


It is likely that theorem 8.5.2 has a converse, but we do not have a proof 
of such a result. A simpler result is to prove the converse of lemma 8.5.4, 
the lifting theorem. This would provide another proof of the soundness of 
resolution. It is indeed possible to show that given any resolution refutation H 
of a set S of clauses, a resolution refutation Hy, for a certain set S, of ground 
instances of S can be constructed. However, the homomorphism property 
does not hold directly, and one has to exercise care in the construction. The 
interested reader should consult the problems. 


It should be noted that a Herbrand-like theorem for the resolution 
method and a certain Hilbert system has been proved by Joyner in his Ph.D 
thesis (Joyner, 1974). However, these considerations are somewhat beyond 
the scope of this text, and we will not pursue this matter any further. 


PROBLEMS 


8.5.1. Give separating pairs of substitutions for the following clauses: 

{P(x, y, f(z))}, {P(y, z, f(z))} 
{P(x, y), P(y, z)}, {Q(y, z), P(z, f(y))} 
{P(x, g(x))}, {P(x, g(x))} 


8.5.2. Find all resolvents of the following pairs of clauses: 

{P(x, y), P(y, z)}, {¬P(u, f(w))} 
{P(x, a), R(x, f(x))}, {R(w, y), Q(y, z)} 
{P(x, y), ¬P(x, z), Q(x, f(z), z)}, {¬Q(f(x), z, z), P(x, z)} 
{P(x, f(x), z), P(u, w, w)}, {¬P(x, y, z), ¬P(z, z, z)} 


8.5.3. Establish the unsatisfiability of each of the following formulae using 
the resolution method. 

(∀x∃yP(x, y) ∧ ∃x∀y¬P(x, y)) 

(∀x∃y∃z(L(x, y) ∧ L(y, z) ∧ Q(y) ∧ R(z) ∧ (P(z) ≡ R(x))) ∧ 
∀x∀y∀z((L(x, y) ∧ L(y, z)) ⊃ L(x, z)) ∧ ∃x∀y¬(P(y) ∧ L(x, y))) 


8.5.4. Consider the following formulae asserting that a binary relation is 
symmetric, transitive, and total: 

S1 : ∀x∀y(P(x, y) ⊃ P(y, x)) 
S2 : ∀x∀y∀z((P(x, y) ∧ P(y, z)) ⊃ P(x, z)) 
S3 : ∀x∃yP(x, y) 

Prove by resolution that 

S1 ∧ S2 ∧ S3 ⊃ ∀xP(x, x). 

In other words, if P is symmetric, transitive and total, then P is 
reflexive. 


8.5.5. Complete the details of the proof of lemma 8.5.1. 
* 8.5.6. (a) Prove that given a resolution refutation H of a set S of clauses, a 
resolution refutation H_g for a certain set S_g of ground instances of S 
can be constructed. 

Apply the above construction to the following refutation: 

[Figure: a resolution refutation drawn as a DAG, with leaves 
{¬P(a), Q(a)}, {P(x)} and {¬P(f(a)), ¬Q(a)}, and the resolvent {Q(a)} 
as its first interior node.] 

(b) Using (a), give another proof of the soundness of the resolution 
method. 


* 8.5.7. As in the propositional case, another way of presenting the resolution 
method is as follows. Given a (finite) set S of clauses, let 

R(S) = S ∪ {C | C is a resolvent of two clauses in S}. 

Also, let 

R^0(S) = S, 
R^{n+1}(S) = R(R^n(S)), (n ≥ 0), and let 
R*(S) = ⋃_{n≥0} R^n(S). 

(a) Prove that S is unsatisfiable if and only if R*(S) is unsatisfiable. 

(b) Prove that if S is finite, there is some n ≥ 0 such that 

R*(S) = R^n(S). 

(c) Prove that there is a resolution refutation for S if and only if the 
empty clause □ is in R*(S). 

(d) Prove that S is unsatisfiable if and only if □ belongs to R*(S). 


8.5.8. Prove that the resolution method is still complete if the resolution 
rule is restricted to clauses that are not tautologies (that is, clauses 
not containing both A and ¬A for some atomic formula A). 


* 8.5.9. We say that a clause C1 subsumes a clause C2 if there is a substitution 
σ such that σ(C1) is a subset of C2. In the version of the resolution 
method described in problem 8.5.7, let 

R1(S) = R(S) − {C | C is subsumed by some clause in R(S)}. 

Let R1^0(S) = S, 
R1^{n+1}(S) = R1(R1^n(S)) and 
R1*(S) = ⋃_{n≥0} R1^n(S). 

Prove that S is unsatisfiable if and only if □ belongs to R1*(S). 


8.5.10. The resolution method described in problem 8.5.7 can be modified 
by introducing the concept of factoring. Given a clause C, if C' is 
any subset of C and C' is unifiable, the clause σ(C) where σ is a 
most general unifier of C' is a factor of C. The factoring rule is the 
rule that allows any factor of a clause to be added to R(S). Consider 
the simplification of the resolution rule in which a resolvent of two 
clauses A and B is obtained by resolving sets A' and B' consisting 
of a single literal. This restricted version of the resolution rule is 
sometimes called binary resolution. 


(a) Show that binary resolution together with the factoring rule is 
complete. 


(b) Show that the factoring rule can be restricted to sets C’ consisting 
of a pair of literals. 


(c) Show that binary resolution alone is not complete. 


8.5.11. Prove that the resolution method is also complete for infinite sets of 
clauses. 


8.5.12. Write a computer program implementing the resolution method. 


8.6 A Glimpse at Paramodulation 


As we have noted earlier, equality causes complications in automatic the- 
orem proving. Several methods for handling equality with the resolution 
method have been proposed, including the paramodulation method (Robin- 
son and Wos, 1969), and the E-resolution method (Morris, 1969; Anderson, 
1970). Due to the lack of space, we will only define the paramodulation rule, 
but we will not give a full treatment of this method. 


In order to define the paramodulation rule, it is convenient to assume 
that the factoring rule is added to the resolution method. Given a clause 
A, if A' is any subset of A and A' is unifiable, the clause σ(A) where σ is a 
most general unifier of A' is a factor of A. Using the factoring rule, it is easy 
to see that the resolution rule can be simplified, so that a resolvent of two 
clauses A and B is obtained by resolving sets A' and B' consisting of a single 
literal. This restricted version of the resolution rule is sometimes called binary 
resolution (this is a poor choice of terminology since both this restricted rule 
and the general resolution rule take two clauses as arguments, but yet, it is 
used in the literature!). It can be shown that binary resolution alone is not 
complete, but it is easy to show that it is complete together with the factoring 
rule (see problem 8.5.10). 


The paramodulation rule is a rule that treats an equation s = t as a (two 
way) rewrite rule, and allows the replacement of a subterm r unifiable with 
s (or t) in an atomic formula Q, by the other side of the equation, modulo 
substitution by a most general unifier. 

More precisely, let 

A = ((s = t) ∨ C) 

be a clause containing the equation s = t, and 

B = (Q ∨ D) 

be another clause containing some literal Q (of the form Pt1...tn or ¬Pt1...tn, 
for some predicate symbol P of rank n, possibly the equality symbol =, in 
which case n = 2), and assume that for some tree address u in Q, the subterm 
r = Q/u is unifiable with s (or that r is unifiable with t). If σ is a most 
general unifier of s and r, then the clause 

σ(C ∨ Q[u ← t] ∨ D) 

(or σ(C ∨ Q[u ← s] ∨ D), if r and t are unifiable) is a paramodulant of A and 
B. (Recall from Subsection 2.2.5, that Q[u ← t] (or Q[u ← s]) is the result of 
replacing the subtree at address u in Q by t (or s)). 


EXAMPLE 8.6.1 
Let 

A = {f(x, h(y)) = g(x, y), P(x)}, B = {Q(h(f(h(z), h(x))))}. 

Then 

{Q(h(g(h(z), h(x)))), P(h(z))} 

is a paramodulant of A and B, in which the replacement is performed 
in B at address 11. 

EXAMPLE 8.6.2 
Let 

A = {f(g(z), x) = h(a)}, B = {f(x, y) = h(y)}. 

Then, 

{h(z) = h(a)} 

is a paramodulant of A and B, in which the replacement is performed 
in A at address e. 
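Both the resolution rule of Definition 8.5.2 (Example 8.5.1) and the paramodulation rule defined above rest on the unification algorithm of Section 8.4, so the following Python program, added here as an example and not taken from the book, implements all three on one representation of terms. The representation (variables as strings, terms and atoms as tuples headed by their symbol, clauses as frozensets of signed literals), the fresh variable names '_0', '_1', ... that separate uses for the separating pair, and all function names are this example's own choices. resolvents enumerates every choice of A' and B' allowed by Definition 8.5.2, so on the clauses of Example 8.5.1 it returns the ground resolvent {P(a, f(a))} obtained from A' = A together with the other resolvents of that pair; paramodulants applies an equation of the first clause, in both directions, at every proper subterm address of a literal of the second clause.

```python
from itertools import combinations

# Assumed representation: variable = str; constant/function term =
# ('f', t1, ..., tn); atom = ('P', t1, ..., tn) ('=' for equality);
# literal = (sign, atom) with sign True if positive; clause = frozenset.
def is_var(t):
    return isinstance(t, str)

def apply(s, t):
    """Apply an idempotent substitution s (dict var -> term) to a term/atom."""
    return s.get(t, t) if is_var(t) else (t[0],) + tuple(apply(s, a) for a in t[1:])

def occurs(x, t):
    return t == x if is_var(t) else any(occurs(x, a) for a in t[1:])

def unify(pairs):
    """Most general unifier of a list of (term, term) pairs, or None."""
    s, pairs = {}, list(pairs)
    while pairs:
        a, b = (apply(s, t) for t in pairs.pop())
        if a == b:
            continue
        if is_var(b) and not is_var(a):
            a, b = b, a
        if is_var(a):
            if occurs(a, b):               # occurs check: x and f(x) never unify
                return None
            s = {v: apply({a: b}, t) for v, t in s.items()}  # keep s idempotent
            s[a] = b
        elif a[0] != b[0] or len(a) != len(b):
            return None                    # clash on symbol or arity
        else:
            pairs.extend(zip(a[1:], b[1:]))
    return s

def free_vars(t):
    return {t} if is_var(t) else set().union(*(free_vars(a) for a in t[1:]))

def subst(s, clause):
    return frozenset((sign, apply(s, atom)) for sign, atom in clause)

def separate(A, B):
    """Definition 8.5.1: rename the variables of A and of B bijectively onto
    fresh variables '_0', '_1', ... (assumed unused) with disjoint ranges."""
    va = sorted(set().union(*(free_vars(l[1]) for l in A)))
    vb = sorted(set().union(*(free_vars(l[1]) for l in B)))
    rho = {v: f"_{i}" for i, v in enumerate(va)}
    rho2 = {v: f"_{i}" for i, v in enumerate(vb, len(va))}
    return subst(rho, A), subst(rho2, B)

def nonempty_subsets(xs):
    return (c for k in range(1, len(xs) + 1) for c in combinations(xs, k))

def resolvents(A, B):
    """All resolvents of A and B (Definition 8.5.2): same-sign literals A' of
    rho(A) and opposite-sign B' of rho'(B) whose atoms have an mgu sigma
    give the resolvent sigma(rho(A - A') | rho'(B - B'))."""
    pA, pB = separate(A, B)
    out = set()
    for sign in (True, False):
        for Ap in nonempty_subsets([l for l in pA if l[0] == sign]):
            for Bp in nonempty_subsets([l for l in pB if l[0] != sign]):
                atoms = [l[1] for l in Ap + Bp]
                sigma = unify([(atoms[0], t) for t in atoms[1:]])
                if sigma is not None:
                    out.add(subst(sigma, (pA - set(Ap)) | (pB - set(Bp))))
    return out

def positions(t):
    """Tree addresses (index tuples) of the proper subterms of a term/atom."""
    if not is_var(t):
        for i, a in enumerate(t[1:], 1):
            yield (i,)
            yield from ((i,) + p for p in positions(a))

def at(t, u):
    return t if not u else at(t[u[0]], u[1:])

def replace(t, u, r):
    """Q[u <- r]: the result of replacing the subtree at address u by r."""
    return r if not u else t[:u[0]] + (replace(t[u[0]], u[1:], r),) + t[u[0] + 1:]

def paramodulants(A, B):
    """All paramodulants of A and B (Section 8.6): an equation s = t of A, in
    either direction, rewrites a subterm of a literal Q of B unifiable with s."""
    pA, pB = separate(A, B)
    out = set()
    for eq in (l for l in pA if l[0] and l[1][0] == '='):
        for s, t in ((eq[1][1], eq[1][2]), (eq[1][2], eq[1][1])):
            for q in pB:
                for u in positions(q[1]):
                    sigma = unify([(s, at(q[1], u))])
                    if sigma is not None:
                        new = (q[0], replace(q[1], u, t))
                        out.add(subst(sigma, (pA - {eq}) | (pB - {q}) | {new}))
    return out

a = ('a',)   # the clauses of Example 8.5.1; the constant a is the tuple ('a',)
A1 = frozenset({(False, ('P', 'z', a)), (False, ('P', 'z', 'x')), (False, ('P', 'x', 'z'))})
B1 = frozenset({(True, ('P', 'z', ('f', 'z'))), (True, ('P', 'z', a))})
```

resolvents(A1, B1) returns eight clauses for Example 8.5.1, among them {P(a, f(a))} and, with the fresh names '_2' for B's z and '_0' for A's x, {¬P(a, _2), P(_2, f(_2))} for the choice A' = {¬P(z, a), ¬P(z, x)}, B' = {P(z, a)}. unify returns None on the occurs-check failure of x against f(x), the case the algorithm of Section 8.4 must detect in order to halt. For clauses in the shape of Example 8.6.2, paramodulants({f(x, y) = h(y)}, {f(g(z), x) = h(a)}) contains {h(_2) = h(a)}, the replacement at address 1 of the second clause's equation.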


It can be shown that the resolution method using the (binary) resolution 
rule, the factoring rule, and the paramodulation rule, is complete for any finite 
set S of clauses, provided that the reflexivity axiom and the functional reflexivity 
axioms are added to S. The reflexivity axiom is the clause 

{x = x}, 

and the functional reflexivity axioms are the clauses 

{f(x1, ..., xn) = f(x1, ..., xn)}, 

for each function symbol f occurring in S, of any rank n > 0. 


The proof that this method is complete is more involved than the proof 
for the case of a first-order language without equality, partly because the lifting 
lemma does not extend directly. It can also be shown that paramodulation is 
complete without the functional reflexivity axioms, but this is much harder. 
For details, the reader is referred to Loveland, 1978. 


Notes and Suggestions for Further Reading 


The resolution method has been studied extensively, and there are many re- 
finements of this method. Some of the refinements are still complete for all 
clauses (linear resolution, model elimination), others are more efficient but 
only complete for special kinds of clauses (unit or input resolution). For a 
detailed exposition of these methods, the reader is referred to Loveland, 1978; 
Robinson, 1979, and to the collection of original papers compiled in Siekmann 
and Wrightson, 1983. One should also consult Boyer and Moore, 1979, for 
advanced techniques in automatic theorem proving, induction in particular. 
For a more introductory approach, the reader may consult Bundy, 1983, and 
Kowalski, 1979. 


The resolution method has also been extended to higher-order logic by 
Andrews. The interested reader should consult Andrews, 1971; Pietrzykowski, 
1973; and Huet, 1973. 


Chapter 9 

SLD-Resolution And Logic Programming (PROLOG) 


9.1 Introduction 


We have seen in Chapter 8 that the resolution method is a complete procedure 
for showing unsatisfiability. However, finding refutations by resolution can be 
a very expensive process in the general case. If subclasses of formulae are 
considered, more efficient procedures for producing resolution refutations can 
be found. This is the case for the class of Horn clauses. A Horn clause is a 
disjunction of literals containing at most one positive literal. For sets of Horn 
clauses, there is a variant of resolution called SLD-resolution, which enjoys 
many nice properties. SLD-resolution is a special case of a refinement of 
the resolution method due to Kowalski and Kuehner known as SL-resolution 
(Kowalski and Kuehner, 1970), a variant of Model Elimination (Loveland, 
1978), and applies to special kinds of Horn clauses called definite clauses. We 
shall present SLD-resolution and show its completeness for Horn clauses. 


SLD-resolution is also interesting because it is the main computation 
procedure used in PROLOG. PROLOG is a programming language based on 
logic, in which a computation is in fact a refutation. The idea to define a 
program as a logic formula and view a refutation as a computation is a very 
fruitful one, because it reduces the complexity of proving the correctness of 
programs. In fact, it is often claimed that logic programs are obviously cor- 
rect, because these programs “express” the assertions that they should satisfy. 
However, this is not quite so, because the notion of correctness is relative, and 
one still needs to define the semantics of logic programs in some independent 
fashion. This will be done in Subsection 9.5.4, using a model-theoretic seman- 
tics. Then, the correctness of SLD-resolution (as a computation procedure) 
with respect to the model-theoretic semantics will be proved. 


In this chapter, as in Chapter 8, we begin by studying SLD-resolution 
in the propositional case, and then use the lifting technique to extend the 
results obtained in the propositional case to the first-order case. Fortunately, 
the lifting process goes very smoothly. 


As in Chapter 4, in order to prove the completeness of SLD-resolution 
for propositional Horn clauses, we first show that Horn clauses have GCNF'- 
proofs of a certain kind, that we shall call GCNF'-proofs in SLD-form. Then, 
we show that every GCNF'-proof in SLD-form can be mapped into a linear 
SLD-refutation. Hence, the completeness proof for SLD-resolution is con- 
structive. 

The arguments used for showing that every unsatisfiable Horn clause 
has a GCNF'-proof in SLD-form are quite basic and combinatorial in nature. 
Once again, the central concept is that of proof transformation. 


We conclude this chapter by discussing the notion of logic program and 
the idea of viewing SLD-resolution as a computation procedure. We pro- 
vide a rigorous semantics for logic programs, and show the correctness and 
completeness of SLD-resolution with respect to this semantics. 


The contents of Section 9.5 can be viewed as the theoretical foundations 
of logic programming, and PROLOG in particular. 


9.2 GCNF'-Proofs in SLD-Form 

First, we shall prove that every unsatisfiable propositional Horn clause has 
a GCNF'-proof of a certain type, called a proof in SLD-form. In order to 
explain the method for converting a GCNF'-proof into an SLD-resolution 
proof, it is convenient to consider the special case of sets of Horn clauses, 
containing exactly one clause containing no positive literals (clause of the 
form {¬P1, ..., ¬Pm}). Other Horn clauses will be called definite clauses. 


9.2.1 The Case of Definite Clauses 

These concepts are defined as follows. 

Definition 9.2.1 A Horn clause is a disjunction of literals containing at 
most one positive literal. A Horn clause is a definite clause iff it contains a 
(single) positive literal. Hence, a definite clause is either of the form 

{Q}, or {¬P1, ..., ¬Pm, Q}. 

A Horn clause of the form 

{¬P1, ..., ¬Pm} 

is called a negative clause or goal clause. 


For simplicity of notation, a clause {Q} will also be denoted by Q. In 
the rest of this section, we restrict our attention to sets S of clauses consisting 
of definite clauses except for one goal clause. Our goal is to show that for 
a set S consisting of definite clauses and of a single goal B, if S is GCNF'- 
provable, then there is a proof having the property that whenever a ∨: left 
rule is applied to a definite clause {¬P1, ..., ¬Pm, Q}, the rule splits it into 
{¬P1, ..., ¬Pm} and {Q}, the sequent containing {Q} is an axiom, and the 
sequent containing {¬P1, ..., ¬Pm} does not contain ¬Q. 


EXAMPLE 9.2.1 
Consider the set S of Horn clauses with goal {¬P1, ¬P2} given by: 

S = {{P3}, {P4}, {¬P1, ¬P2}, {¬P3, ¬P4, P1}, {¬P3, P2}}. 

The following is a GCNF'-proof: 

[Proof tree drawn in the original. Its root sequent is 
P3, P4, {¬P1, ¬P2}, {¬P3, ¬P4, P1}, {¬P3, P2} →, 
its axioms are P3, ¬P3 →, P4, ¬P4 →, ¬P1, P1 →, ¬P2, P2 → and 
P3, ¬P3 →, and one of its interior sequents is P3, ¬P2, {¬P3, P2} →.] 

Another proof having the properties mentioned above is (root first, each 
sequent followed by the two premises it is obtained from) 

P3, P4, {¬P1, ¬P2}, {¬P3, ¬P4, P1}, {¬P3, P2} → 
    from P3, P4, ¬P1, {¬P3, ¬P4, P1} → 
        from ¬P1, P1 → 
        and P3, P4, {¬P3, ¬P4} → 
            from P3, ¬P3 → 
            and P4, ¬P4 → 
    and P3, ¬P2, {¬P3, P2} → 
        from ¬P2, P2 → 
        and P3, ¬P3 → 

Observe that in the above proof, the ∨: left rule is first applied to the 
goal clause {¬P1, ¬P2}, and then it is applied to split each definite clause 
{¬Q1, ..., ¬Qm, Q} into {¬Q1, ..., ¬Qm} and {Q}, in such a way that the se- 
quent containing {Q} is the axiom Q, ¬Q →. Note also that each clause 
{¬Q1, ..., ¬Qm} resulting from splitting a definite clause as indicated above is 
the only goal clause in the sequent containing it. 
9.2.2 GCNF'-Proofs in SLD-Form 


The above example suggests that if a set of definite clauses with goal B is 
GCNF'-provable, it has a proof obtained by following the rules described below, 
starting with a one-node tree containing the goal B = {¬P1, ..., ¬Pn}: 

(1) If no leaf of the tree obtained so far contains a clause consisting of a 
single negative literal ¬Q then, 

As long as the tree is not a GCNF'-proof tree, apply the ∨: left rule 
to each goal clause B of the form {¬Q1, ..., ¬Qm} (m > 1) in order to form 
m immediate descendants of B, else 

(2) For every goal clause consisting of a single negative literal ¬Q, find a 
definite clause {¬P1, ..., ¬Pk, Q} (or Q when k = 0), and split {¬P1, ..., ¬Pk, 
Q} using the ∨: left rule in order to get the axiom ¬Q, Q → in one node, 
{¬P1, ..., ¬Pk} in the other, and drop ¬Q from that second node. 

Go back to (1). 

It is not clear that such a method works, and that in step (2), the 
existence of a definite clause {¬P1, ..., ¬Pk, Q} such that Q cancels ¬Q is 
guaranteed. However, we are going to prove that this is always the case. 
First, we define the type of proofs arising in the procedure described above. 


Definition 9.2.2 Given a set S of clauses consisting of definite clauses and 
of a single goal B, a GCNF′-proof is in SLD-form iff the conditions below 
are satisfied: 


For every node B in the tree that is not an axiom: 


(1) If the set of clauses labeling that node does not contain any clause 
consisting of a single negative literal $\neg Q$, then it contains a single goal clause 
of the form $\{\neg Q_1, \ldots, \neg Q_m\}$ ($m > 1$), and the ∨:left rule is applied to this 
goal clause in order to form m immediate descendants of B. 


(2) If the set of clauses labeling that node contains some single negative 
literal, for such a clause $\neg Q$, there is some definite clause 


$$\{\neg P_1, \ldots, \neg P_k, Q\},$$


($k \geq 0$), such that the ∨:left rule is applied to 


$$\{\neg P_1, \ldots, \neg P_k, Q\}$$


in order to get the axiom $\neg Q, Q \to$ and a sequent containing the single goal 
clause $\{\neg P_1, \ldots, \neg P_k\}$. 


We are now going to prove that if a set of clauses consisting of definite 
clauses and of a single goal clause is provable in GCNF′, then it has a proof 
in SLD-form. For this, we are going to perform proof transformations, and 
use simple combinatorial properties. 
9.2.3 Completeness of Proofs in SLD-Form 


First, we need to show that every GCNF′-provable set of clauses has a proof 
in which no weakening takes place. This is defined as follows. 


Definition 9.2.3 A GCNF′-proof is without weakenings iff every applica- 
tion of the ∨:left rule is of the form: 


$$\frac{\Gamma, A_1, \ldots, A_m \to \qquad \Gamma, B \to}{\Gamma, (A_1 \vee B), \ldots, (A_m \vee B) \to}$$


We have the following normal form lemma. 


Lemma 9.2.1 If a set S of clauses is GCNF′-provable, then a GCNF′- 
proof without weakenings and in which all the axioms contain only literals 
can be constructed. 


Proof: Since G′ is complete, $S \to$ has a G′-proof T. By lemma 6.3.1 
restricted to propositions, $S \to$ has a G′-proof T′ in which all axioms are 
atomic. Using lemma 4.2.2, $S \to$ has a G′-proof T″ in which all axioms 
are atomic, and in which all applications of the ∨:left rule precede all 
applications of the ¬:left rule. The tree obtained from T″ by retaining 
the portion of the proof tree that does not contain ¬:left inferences is the 
desired GCNF′-proof. 


The following permutation lemma is the key to the conversion to SLD-form. 


Lemma 9.2.2 Let S be a set of clauses that has a GCNF′-proof T. Then, 
for any clause C in S having more than one literal, for any partition of the 
literals in C into two disjunctions A and B such that $C = (A \vee B)$, there is a 
GCNF′-proof T′ in which the ∨:left rule is applied to $(A \vee B)$ at the root. 
Furthermore, if the proof T of S is without weakenings and all axioms contain 
only literals, the proof T′ has the same depth as T. 


Proof: Observe that representing disjunctions of literals as unordered 
sets of literals is really a convenience afforded by the associativity, commuta- 
tivity and idempotence of ∨, but that this convenience does not affect the com- 
pleteness of G′. Hence, no matter how C is split into a disjunction $(A \vee B)$, the 
sequent $\Gamma, (A \vee B) \to$ is G′-provable. By converting a G′-proof of $\Gamma, (A \vee B) \to$ 
given by lemma 9.2.1 into a GCNF′-proof, we obtain a GCNF′-proof with- 
out weakenings, and in which the ∨:left rule is applied to A and B only 
after it is applied to $(A \vee B)$. If the ∨:left rule applied at the root does not 
apply to $(A \vee B)$, it must apply to some other disjunction $(C \vee D)$. Such a 
proof T must be of the following form: 
Tree T 


$$\frac{\Pi_1 \qquad \Pi_2}{\Gamma, (A \vee B), (C \vee D) \to}$$


where $\Pi_1$ is the tree 


$$\frac{\dfrac{\dfrac{T_1}{\Gamma_1, A \to}\quad\dfrac{S_1}{\Gamma_1, B \to}}{\Gamma_1, (A \vee B) \to}\qquad\cdots\qquad\dfrac{\dfrac{T_m}{\Gamma_m, A \to}\quad\dfrac{S_m}{\Gamma_m, B \to}}{\Gamma_m, (A \vee B) \to}}{\Gamma, (A \vee B), C \to}\; R$$


and where $\Pi_2$ is the tree 


$$\frac{\dfrac{\dfrac{T'_1}{\Delta_1, A \to}\quad\dfrac{S'_1}{\Delta_1, B \to}}{\Delta_1, (A \vee B) \to}\qquad\cdots\qquad\dfrac{\dfrac{T'_n}{\Delta_n, A \to}\quad\dfrac{S'_n}{\Delta_n, B \to}}{\Delta_n, (A \vee B) \to}}{\Gamma, (A \vee B), D \to}\; S$$


In the above proof, we have indicated the nodes to which the ∨:left 
rule is applied, nodes that must exist since all axioms consist of literals. The 
inferences above $\Gamma, (A \vee B), C \to$ and below applications of the ∨:left rule to 
$(A \vee B)$ are denoted by R, and the similar inferences above $\Gamma, (A \vee B), D \to$ are 
denoted by S. We can transform T into T′ by applying the ∨:left rule at 
the root as shown below: 


Tree T′ 


$$\frac{\Pi'_1 \qquad \Pi'_2}{\Gamma, (A \vee B), (C \vee D) \to}$$


where $\Pi'_1$ is the tree 


$$\frac{\dfrac{\dfrac{T_1}{\Gamma_1, A \to}\quad\cdots\quad\dfrac{T_m}{\Gamma_m, A \to}}{\Gamma, A, C \to}\; R \qquad \dfrac{\dfrac{T'_1}{\Delta_1, A \to}\quad\cdots\quad\dfrac{T'_n}{\Delta_n, A \to}}{\Gamma, A, D \to}\; S}{\Gamma, A, (C \vee D) \to}$$


and where $\Pi'_2$ is the tree 


$$\frac{\dfrac{\dfrac{S_1}{\Gamma_1, B \to}\quad\cdots\quad\dfrac{S_m}{\Gamma_m, B \to}}{\Gamma, B, C \to}\; R \qquad \dfrac{\dfrac{S'_1}{\Delta_1, B \to}\quad\cdots\quad\dfrac{S'_n}{\Delta_n, B \to}}{\Gamma, B, D \to}\; S}{\Gamma, B, (C \vee D) \to}$$


Clearly, depth(T’) = depth(T). 


Note that T’ is obtained from T by permutation of inferences. We need 
another crucial combinatorial property shown in the following lemma. 


Lemma 9.2.3 Let S be an arbitrary set of clauses such that the subset 
of clauses containing more than one literal is the nonempty set $\{C_1, \ldots, C_n\}$ 
and the subset consisting of the one-literal clauses is J. Assume that S is 
GCNF′-provable, and that we have a proof T without weakenings such that 
all axioms consist of literals. Then, every axiom is labeled with a set of literals 
of the form $\{L_1, \ldots, L_n\} \cup J$, where each literal $L_i$ is in $C_i$, $i = 1, \ldots, n$. 


Proof: We proceed by induction on proof trees. Since S contains at 
least one clause with at least two literals and the axioms only contain literals, 
$\mathrm{depth}(T) \geq 1$. If T has depth 1, then there is exactly one application of the 
∨ rule and the proof is of the following form: 


$$\frac{J, L_1 \to \qquad J, L_2 \to}{J, (L_1 \vee L_2) \to}$$
Clearly, the lemma holds. 
If T is a tree of depth $k + 1$, it is of the following form, 


$$\frac{\dfrac{T_1}{\Gamma, A \to} \qquad \dfrac{T_2}{\Gamma, B \to}}{\Gamma, (A \vee B) \to}$$


where we can assume without loss of generality that $C_n = (A \vee B)$. By the 
induction hypothesis, each axiom of $T_1$ is labeled with a set of clauses of the 
form $\{L_1, \ldots, L_n\} \cup J$, where each literal $L_i$ is in $C_i$ for $i = 1, \ldots, n-1$, and 
either $L_n = A$ if A consists of a single literal, or $L_n$ belongs to A. Similarly, 
each axiom of $T_2$ is labeled with a set of clauses of the form $\{L_1, \ldots, L_n\} \cup J$, 
where each literal $L_i$ is in $C_i$ for $i = 1, \ldots, n-1$, and either $L_n = B$ if B consists 
of a single literal, or $L_n$ belongs to B. Since the union of A and B is $C_n$, 
every axiom of T is labeled with a set of clauses of the form $\{L_1, \ldots, L_n\} \cup J$, 
where each literal $L_i$ is in $C_i$, $i = 1, \ldots, n$. Hence, the lemma holds. 


As a consequence, we obtain the following useful corollary. 


Lemma 9.2.4 Let S be a set of Horn clauses. If S is GCNF′-provable, 
then S contains at least one clause consisting of a single positive literal, and 
at least one goal (negative) clause. 


Proof: If S is an axiom, this is obvious. Otherwise, by lemma 9.2.3, if 
S is GCNF′-provable, then it has a proof T without weakenings such that 
every axiom is labeled with a set of literals of the form $\{L_1, \ldots, L_n\} \cup J$, where 
each literal $L_i$ is in $C_i$, $i = 1, \ldots, n$, and J is the set of clauses in S consisting 
of a single literal. If J does not contain any positive literals, since every 
Horn clause $C_i$ contains a negative literal, say $\neg A_i$, the set $\{\neg A_1, \ldots, \neg A_n\} \cup J$ 
contains only negative literals, and so cannot be an axiom. If every clause in 
J is positive and every clause $C_i$ contains some positive literal, say $A_i$, then 
$\{A_1, \ldots, A_n\} \cup J$ contains only positive literals and cannot be an axiom. 


In order to prove the main theorem of this section, we will need to 
show that the provability of a set of Horn clauses with several goals (negative 
clauses) reduces to the case of a set of Horn clauses with a single goal. 


Lemma 9.2.5 Let S be a set of Horn clauses consisting of a set J of single 
positive literals, goal clauses $N_1, \ldots, N_k$, and definite clauses $C_1, \ldots, C_m$ contain- 
ing at least two literals. 


If S is GCNF′-provable, then there is some i, $1 \leq i \leq k$, such that 


$$J \cup \{C_1, \ldots, C_m\} \cup \{N_i\}$$


is GCNF′-provable. Furthermore, if T is a GCNF′-proof of S without weak- 
enings and such that the axioms contain only literals, $J \cup \{C_1, \ldots, C_m\} \cup \{N_i\}$ 
has a proof of depth less than or equal to the depth of T. 


418 9/SLD-Resolution And Logic Programming (PROLOG) 


Proof: We proceed by induction on proof trees. Let T be a GCNF′- 
proof of S without weakenings and such that all axioms contain only literals. 


Case 1: $J \cup \{C_1, \ldots, C_m\} \cup \{N_1, \ldots, N_k\}$ is an axiom. Then, one of the 
positive literals in J must be the conjugate of some negative clause $N_i$, and 
the lemma holds. 


Case 2: The bottom ∨:left rule is applied to one of the $N_i$. Without 
loss of generality, we can assume that it is $N_1 = \{\neg Q_1, \ldots, \neg Q_j, \neg P\}$. 


Letting $C = C_1, \ldots, C_m$, the proof is of the form 


$$\frac{\dfrac{T_1}{J, C, N_2, \ldots, N_k, \{\neg Q_1, \ldots, \neg Q_j\} \to} \qquad \dfrac{T_2}{J, C, N_2, \ldots, N_k, \neg P \to}}{J, C, N_1, \ldots, N_k \to}$$


Observe that the bottom sequents of $T_1$ and $T_2$ satisfy the conditions of 
the induction hypothesis. There are two subcases. If both 


$$J, C_1, \ldots, C_m, \{\neg Q_1, \ldots, \neg Q_j\} \to \quad\text{and}\quad J, C_1, \ldots, C_m, \neg P \to$$


are provable, then 
$$J, C_1, \ldots, C_m, \{\neg Q_1, \ldots, \neg Q_j, \neg P\} \to$$
is provable by application of the ∨ rule, and the lemma holds. If 
$$J, C_1, \ldots, C_m, N_i \to$$


is provable for some i, $2 \leq i \leq k$, then the lemma also holds. 


Case 3: The bottom ∨ rule is applied to one of the $C_i$. Without loss 
of generality, we can assume that it is $C_1 = \{\neg Q_1, \ldots, \neg Q_j, P\}$. There are two 
subcases: 


Case 3.1: Letting $N = N_1, \ldots, N_k$, the proof is of the form 
$$\frac{\dfrac{T_1}{J, C_2, \ldots, C_m, N, \{\neg Q_1, \ldots, \neg Q_j\} \to} \qquad \dfrac{T_2}{J, P, C_2, \ldots, C_m, N \to}}{J, C_1, \ldots, C_m, N \to}$$


Again the induction hypothesis applies to both $T_1$ and $T_2$. If 


$J, C_2, \ldots, C_m, \{\neg Q_1, \ldots, \neg Q_j\} \to$ is provable and 
$J, P, C_2, \ldots, C_m, N_i \to$ is provable 
for some i, $1 \leq i \leq k$, then by the ∨ rule, 
$J, C_1, \ldots, C_m, N_i \to$ 
is also provable, and the lemma holds. If 
$J, C_2, \ldots, C_m, N_i \to$ 
is provable for some i, $1 \leq i \leq k$, then 
$J, C_1, \ldots, C_m, N_i \to$ 
is also provable (using weakening in the last ∨ rule). 
Case 3.2: Letting $N = N_1, \ldots, N_k$, the proof is of the form 
$$\frac{\dfrac{T_1}{J, C_2, \ldots, C_m, N, \{\neg Q_2, \ldots, \neg Q_j, P\} \to} \qquad \dfrac{T_2}{J, C_2, \ldots, C_m, \neg Q_1, N \to}}{J, C_1, \ldots, C_m, N \to}$$


Applying the induction hypothesis, either 
$J, C_2, \ldots, C_m, N_i, \{\neg Q_2, \ldots, \neg Q_j, P\} \to$ 
is provable for some i, $1 \leq i \leq k$, and 
$J, C_2, \ldots, C_m, \neg Q_1 \to$ 


is provable, and by the ∨ rule, $J, C_1, \ldots, C_m, N_i \to$ is provable and the lemma 
holds. Otherwise, 
$J, C_2, \ldots, C_m, N_i \to$ 


is provable for some i, $1 \leq i \leq k$, and so $J, C_1, \ldots, C_m, N_i \to$ is also provable 
using weakening in the last ∨ rule. This concludes the proof. 


We are now ready to prove the main theorem of this section. 


Theorem 9.2.1 (Completeness of proofs in SLD-form) If a set S consisting 
of definite clauses and of a single goal $B = \{\neg P_1, \ldots, \neg P_n\}$ is GCNF′-provable, 
then it has a GCNF′-proof in SLD-form. 


Proof: Assume that S is not an axiom. By lemma 9.2.1, there is a 
GCNF′-proof T without weakenings, and such that all axioms consist of 
literals. We proceed by induction on the depth of proof trees. If $\mathrm{depth}(T) = 1$, 
the proof is already in SLD-form (this is the base case of lemma 9.2.3). If 
$\mathrm{depth}(T) > 1$, by n applications of lemma 9.2.2, we obtain a proof tree T′ 
having the same depth as T, such that the i-th inference using the ∨:left 
rule is applied to $\{\neg P_i, \ldots, \neg P_n\}$. Hence, letting $C = C_1, \ldots, C_m$, the tree T′ is 
of the form: 
$$\frac{\dfrac{T_1}{J, C, \neg P_1 \to}\qquad\dfrac{\dfrac{T_2}{J, C, \neg P_2 \to}\qquad\dfrac{\vdots\qquad\dfrac{\dfrac{T_{n-1}}{J, C, \neg P_{n-1} \to}\quad\dfrac{T_n}{J, C, \neg P_n \to}}{J, C, \{\neg P_{n-1}, \neg P_n\} \to}}{J, C, \{\neg P_3, \ldots, \neg P_n\} \to}}{J, C, \{\neg P_2, \ldots, \neg P_n\} \to}}{J, C, \{\neg P_1, \ldots, \neg P_n\} \to}$$


where J is the set of clauses consisting of a single positive literal, and each 
clause $C_j$ has more than one literal. For every subproof rooted with $J, C_1, \ldots, 
C_m, \neg P_i \to$, by lemma 9.2.3, each axiom is labeled with a set of literals 


$$\{L_1, \ldots, L_m\} \cup \{\neg P_i\} \cup J,$$


where each $L_j$ is in $C_j$, $1 \leq j \leq m$. In particular, since each clause $C_j$ contains 
a single positive literal $A_j$, for every i, $1 \leq i \leq n$, $\{A_1, \ldots, A_m\} \cup \{\neg P_i\} \cup J$ 
must be an axiom. Clearly, either some literal in J is of the form $P_i$, or there 
is some definite clause $C = \{\neg Q_1, \ldots, \neg Q_p, A_j\}$ among $C_1, \ldots, C_m$ with positive 
literal $A_j = P_i$. In the first case, $J, C_1, \ldots, C_m, \neg P_i \to$ is an axiom and the 
tree $T_i$ is not present. Otherwise, let $C' = \{C_1, \ldots, C_m\} - \{C\}$. Using lemma 
9.2.2 again, we obtain a proof $R_i$ of 


$$J, C_1, \ldots, C_m, \neg P_i \to$$


(of depth equal to the previous one) such that the ∨:left rule is applied 
to C: 


$$\frac{P_i, \neg P_i \to \qquad \dfrac{T'_i}{J, \{\neg Q_1, \ldots, \neg Q_p\}, C', \neg P_i \to}}{J, \{\neg Q_1, \ldots, \neg Q_p, P_i\}, C', \neg P_i \to}$$


Note that 
$$J, \{\neg Q_1, \ldots, \neg Q_p\}, C', \neg P_i \to$$


has two goal clauses. By lemma 9.2.5, either 


$$J, \{\neg Q_1, \ldots, \neg Q_p\}, C' \to$$
has a proof $U_i$, or 
$$J, C', \neg P_i \to$$


has a proof $V_i$, and the depth of each proof is no greater than the depth 
of the proof $R_i$ of $J, \{\neg Q_1, \ldots, \neg Q_p, P_i\}, C', \neg P_i \to$. In the second case, by 
performing a weakening in the last inference of $V_i$, we obtain a proof for 
$J, C_1, \ldots, C_m, \neg P_i \to$ of smaller depth than the original, and the induction 
hypothesis applies, yielding a proof in SLD-form for $J, C_1, \ldots, C_m, \neg P_i \to$. In 
the first case, $\neg P_i$ is dropped and, by the induction hypothesis, we also have 
a proof in SLD-form of the form: 


$$\frac{P_i, \neg P_i \to \qquad \dfrac{U_i}{J, \{\neg Q_1, \ldots, \neg Q_p\}, C' \to}}{J, \{\neg Q_1, \ldots, \neg Q_p, P_i\}, C', \neg P_i \to}$$


Hence, by combining these proofs in SLD-form, we obtain a proof in 
SLD-form for S. 


Combining theorem 9.2.1 and lemma 9.2.5, we also have the following 
theorem. 


Theorem 9.2.2 Let S be a set of Horn clauses, consisting of a set J of 
single positive literals, goal clauses $N_1, \ldots, N_k$, and definite clauses $C_1, \ldots, C_m$ 
containing at least two literals. If S is GCNF′-provable, then there is some 
i, $1 \leq i \leq k$, such that 


$$J \cup \{C_1, \ldots, C_m\} \cup \{N_i\}$$


has a GCNF′-proof in SLD-form. 
Proof: Obvious by theorem 9.2.1 and lemma 9.2.5. 


In the next section, we shall show how proofs in SLD-form can be con- 
verted into resolution refutations of a certain type. 


PROBLEMS 


9.2.1. Give a GCNF′-proof in SLD-form for each of the following sequents: 


{APs Pe} oP is Poh (Ps Pi tobe Pap AP sts 
{=P,, = P>}, {=P;, P2} —= 


$\{P_1\}, \{P_2\}, \{P_3\}, \{P_4\}, \{\neg P_1, \neg P_2, P_6\}, \{\neg P_3, \neg P_4, P_7\}, \{\neg P_6, \neg P_7, P_8\}, \{\neg P_8\} \to$ 
talae P3}, {P3, Py}, {-Pa, Ps}, {P3}, {Pi}, {Po}, {-P,}, 
cimacre aioe Gael ate ay a ae ae a8 oe 


9.2.2. Complete the missing details in the proof of lemma 9.2.5. 


9.2.3. Write a computer program for building proof trees in SLD-form for 
Horn clauses. 


9.2.4. Given a set S of Horn clauses, we define an H-tree for S as a tree T 
labeled with propositional letters and satisfying the following proper- 
ties: 

(i) The root of T is labeled with F (false); 

(ii) The immediate descendants of F are nodes labeled with proposi- 
tional letters $P_1, \ldots, P_n$ such that $\{\neg P_1, \ldots, \neg P_n\}$ is some goal clause in 
S; 

(iii) For every nonroot node in the tree labeled with some letter Q, 
either the immediate descendants of that node are nodes labeled with 
letters $P_1, \ldots, P_k$ such that $\{\neg P_1, \ldots, \neg P_k, Q\}$ is some clause in S, or 
this node is a leaf if $\{Q\}$ is a clause in S. 


Prove that S is unsatisfiable iff it has an H-tree. 


9.3 SLD-Resolution in Propositional Logic 


SLD-refutations for sets of Horn clauses can be viewed as linearizations of 
GCNF′-proofs in SLD-form. 


9.3.1 SLD-Derivations and SLD-Refutations 


First, we show how to linearize SLD-proofs. 


Definition 9.3.1 The linearization procedure is a recursive algorithm that 
converts a GCNF′-proof in SLD-form into a sequence of negative clauses 
according to the following rules: 


(1) Every axiom $\neg P, P \to$ is converted to the sequence $< \{\neg P\}, \square >$. 


(2) For a sequent $R \to$ containing a goal clause $N = \{\neg P_1, \ldots, \neg P_n\}$, with 
$n > 1$, if $C_i$ is the sequence of clauses that is the linearization of the subtree 
with root the i-th descendant of the sequent $R \to$, construct the sequence 
obtained as follows: 


Concatenate the sequences $C'_1, \ldots, C'_{n-1}, C_n$, where, for each i, $1 \leq i \leq 
n-1$, letting $n_i$ be the number of clauses in the sequence $C_i$, the sequence $C'_i$ 
has $n_i - 1$ clauses such that, for every j, $1 \leq j \leq n_i - 1$, if the j-th clause of 
$C_i$ is 

$$\{B_1, \ldots, B_m\},$$
then the j-th clause of $C'_i$ is 


$$\{B_1, \ldots, B_m, \neg P_{i+1}, \ldots, \neg P_n\};$$


(3) For every nonaxiom sequent $\Gamma, \neg P \to$ containing some negative lit- 
eral $\neg P$, if the definite clause used in the inference is $\{\neg P_1, \ldots, \neg P_m, P\}$, letting 
$\Delta = \Gamma - \{\neg P_1, \ldots, \neg P_m, P\}$, then if the sequence of clauses for the sequent 
$\Delta, \{\neg P_1, \ldots, \neg P_m\} \to$ is C, form the sequence obtained by concatenating $\neg P$ 
and the sequence C. 


Note that by (1), (2), and (3), in (2), the first clause of each $C'_i$ ($1 \leq 
i \leq n-1$) is 


$$\{\neg P_i, \neg P_{i+1}, \ldots, \neg P_n\},$$
and the first clause of $C_n$ is $\{\neg P_n\}$. 
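As an added example (not the book's code), the following Python program implements the procedure of definition 9.2.2 for building a GCNF′-proof in SLD-form from propositional definite clauses and one goal, and then applies rules (1)-(3) of definition 9.3.1 to linearize it; run on the clauses of example 9.2.1 it produces the sequence of example 9.3.1. The clause encoding, the tree class and the cycle check are my own choices.

```python
"""Added example (not the book's code): build a GCNF'-proof in SLD-form
(definition 9.2.2) for propositional definite clauses plus one goal, then
linearize it into a sequence of negative clauses (definition 9.3.1)."""
from typing import List, Optional, Tuple

Atom = str
# (Q, (P1, ..., Pk)) stands for the definite clause {~P1, ..., ~Pk, Q};
# k = 0 is the positive unit clause {Q}.
Definite = Tuple[Atom, Tuple[Atom, ...]]
Neg = Tuple[Atom, ...]    # the negative clause {~P1, ..., ~Pn} as (P1, ..., Pn)


class Node:
    """A node of the SLD-form proof tree.
    kind == "goal":   sequent whose only goal clause is {~Q1,...,~Qm}, m > 1;
                      the V:left rule splits it into m children (rule (1)).
    kind == "select": sequent containing the single negative literal ~Q; the
                      V:left rule splits the chosen definite clause
                      {~P1,...,~Pk,Q} into the axiom ~Q,Q -> and the child
                      sequent with goal {~P1,...,~Pk} (rule (2)).
    kind == "axiom":  the leaf ~Q, Q ->, where {Q} is a positive unit clause."""

    def __init__(self, kind: str, atoms: Neg, clause: Optional[Definite] = None,
                 children: Tuple["Node", ...] = ()):
        self.kind, self.atoms, self.clause, self.children = kind, atoms, clause, children


def prove_atom(program: List[Definite], q: Atom, stack: frozenset) -> Optional[Node]:
    """Rule (2): look for a definite clause whose positive literal cancels ~q."""
    if q in stack:                       # q is already being proved higher up:
        return None                      # a cyclic branch can never close
    for head, body in program:
        if head != q:
            continue
        if not body:                     # {Q} itself: the sequent is an axiom
            return Node("axiom", (q,), (head, body))
        sub = prove_goal(program, body, stack | {q})
        if sub is not None:
            return Node("select", (q,), (head, body), (sub,))
    return None                          # no proof: the set is satisfiable


def prove_goal(program: List[Definite], atoms: Neg, stack: frozenset) -> Optional[Node]:
    """Rule (1): a goal {~Q1,...,~Qm} with m > 1 gets m single-literal children."""
    if len(atoms) == 1:
        return prove_atom(program, atoms[0], stack)
    kids = []
    for a in atoms:
        k = prove_atom(program, a, stack)
        if k is None:
            return None
        kids.append(k)
    return Node("goal", atoms, None, tuple(kids))


def sld_proof(program: List[Definite], goal: Neg) -> Optional[Node]:
    """GCNF'-proof in SLD-form of program + {goal}, or None if there is none."""
    return prove_goal(program, goal, frozenset())


def linearize(node: Node) -> List[Neg]:
    """Definition 9.3.1.  Returns the negative clauses of an SLD-derivation;
    the empty tuple () plays the role of the empty clause (the square)."""
    if node.kind == "axiom":                       # rule (1): <{~P}, empty>
        return [node.atoms, ()]
    if node.kind == "select":                      # rule (3): ~P, then C
        return [node.atoms] + linearize(node.children[0])
    seqs = [linearize(c) for c in node.children]   # rule (2)
    out: List[Neg] = []
    for i, seq in enumerate(seqs[:-1]):
        rest = node.atoms[i + 1:]                  # ~P_{i+1}, ..., ~P_n
        out += [clause + rest for clause in seq[:-1]]  # C'_i drops the empty clause
    return out + seqs[-1]                          # C_n is used unchanged


# Constructed input: the clauses of example 9.2.1.
EXAMPLE_9_2_1: List[Definite] = [("P3", ()), ("P4", ()),
                                 ("P1", ("P3", "P4")), ("P2", ("P3",))]
EXAMPLE_GOAL: Neg = ("P1", "P2")


def refutation_of_example() -> List[Neg]:
    tree = sld_proof(EXAMPLE_9_2_1, EXAMPLE_GOAL)
    assert tree is not None
    return linearize(tree)


if __name__ == "__main__":
    for clause in refutation_of_example():
        print("{" + ", ".join("~" + a for a in clause) + "}" if clause else "[]")
```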


The following example shows how such a linearization is done. 


EXAMPLE 9.3.1 


Recall the proof tree in SLD-form given in example 9.2.1: 


$$\frac{\dfrac{\neg P_1,P_1\to\quad\dfrac{P_3,\neg P_3\to\quad P_4,\neg P_4\to}{P_3,P_4,\{\neg P_3,\neg P_4\}\to}}{P_3,P_4,\neg P_1,\{\neg P_3,\neg P_4,P_1\}\to}\qquad\dfrac{\neg P_2,P_2\to\quad P_3,\neg P_3\to}{P_3,\neg P_2,\{\neg P_3,P_2\}\to}}{P_3,P_4,\{\neg P_1,\neg P_2\},\{\neg P_3,\neg P_4,P_1\},\{\neg P_3,P_2\}\to}$$


The sequence corresponding to the left subtree is 


$$< \{\neg P_1\}, \{\neg P_3, \neg P_4\}, \{\neg P_4\}, \square >$$


and the sequence corresponding to the right subtree is 


$$< \{\neg P_2\}, \{\neg P_3\}, \square >.$$


Hence, the sequence corresponding to the proof tree is 


$$< \{\neg P_1, \neg P_2\}, \{\neg P_3, \neg P_4, \neg P_2\}, \{\neg P_4, \neg P_2\}, \{\neg P_2\}, \{\neg P_3\}, \square >.$$


This last sequence is an SLD-refutation, as defined below. 


Definition 9.3.2 Let S be a set of Horn clauses consisting of a set D of 
definite clauses and a set $\{G_1, \ldots, G_q\}$ of goals. An SLD-derivation for S 
is a sequence $< N_0, N_1, \ldots, N_p >$ of negative clauses satisfying the following 
properties: 
(1) $N_0 = G_j$, where $G_j$ is one of the goals; 
(2) For every $N_i$ in the sequence, $0 \leq i < p$, if 


$$N_i = \{\neg A_1, \ldots, \neg A_{k-1}, \neg A_k, \neg A_{k+1}, \ldots, \neg A_n\},$$


then there is some definite clause 
$$C_i = \{\neg B_1, \ldots, \neg B_m, A_k\}$$


in D such that, if $m > 0$, then 


$$N_{i+1} = \{\neg A_1, \ldots, \neg A_{k-1}, \neg B_1, \ldots, \neg B_m, \neg A_{k+1}, \ldots, \neg A_n\},$$
else if $m = 0$ then 


$$N_{i+1} = \{\neg A_1, \ldots, \neg A_{k-1}, \neg A_{k+1}, \ldots, \neg A_n\}.$$


An SLD-derivation is an SLD-refutation iff $N_p = \square$. The SLD-resolution 
method is the method in which a set of Horn clauses is shown to be unsat- 
isfiable by finding an SLD-refutation. 


Note that an SLD-derivation is a linear representation of a resolution 
DAG of the following special form (a chain in which each $N_{i}$ is obtained 
by resolving the previous negative clause with the input clause $C_i$): 


$$N_0 = G_j \;\xrightarrow{\;C_1\;}\; N_1 \;\xrightarrow{\;C_2\;}\; N_2 \;\longrightarrow\; \cdots \;\longrightarrow\; N_{p-1} \;\xrightarrow{\;C_p\;}\; N_p = \square$$


At each step, the clauses 


$$\{\neg A_1, \ldots, \neg A_{k-1}, \neg A_k, \neg A_{k+1}, \ldots, \neg A_n\} \quad\text{and}\quad \{\neg B_1, \ldots, \neg B_m, A_k\}$$


are resolved, the literals $A_k$ and $\neg A_k$ being canceled. The literal $A_k$ is called 
the selected atom of $N_i$, and the clauses $N_0, C_1, \ldots, C_p$ are the input clauses. 
Such a resolution method is a form of linear input resolution, because it 
resolves the current clause $N_i$ with some clause in the input set D. 
By the soundness of the resolution method (lemma 4.3.2), the SLD- 
resolution method is sound. 


EXAMPLE 9.3.2 


The sequence 


$$< \{\neg P_1, \neg P_2\}, \{\neg P_3, \neg P_4, \neg P_2\}, \{\neg P_4, \neg P_2\}, \{\neg P_2\}, \{\neg P_3\}, \square >$$


of example 9.3.1 is an SLD-refutation. 


9.3.2 Completeness of SLD-Resolution for Horn Clauses 


In order to show that SLD-resolution is complete for Horn clauses, since by 
theorem 9.2.2 every GCNF′-provable set of Horn clauses has a GCNF′-proof in SLD-form, it is 
sufficient to prove that the linearization algorithm of definition 9.3.1 converts 
a proof in SLD-form to an SLD-refutation. 


Lemma 9.3.1 (Correctness of the linearization process) Given any GCNF′- 
proof T in SLD-form, the linearization procedure outputs an SLD-refutation. 


Proof: We proceed by induction on proofs. If T consists of an axiom, 
then the set S of Horn clauses contains a goal $\neg Q$ and a positive literal Q, 
and we have the SLD-refutation $< \{\neg Q\}, \square >$. 


Otherwise, because it is in SLD-form, letting $C = C_1, \ldots, C_m$, the tree T 
has the following structure: 


$$\frac{\dfrac{T_1}{J, C, \neg P_1 \to}\qquad\dfrac{\dfrac{T_2}{J, C, \neg P_2 \to}\qquad\dfrac{\vdots\qquad\dfrac{\dfrac{T_{n-1}}{J, C, \neg P_{n-1} \to}\quad\dfrac{T_n}{J, C, \neg P_n \to}}{J, C, \{\neg P_{n-1}, \neg P_n\} \to}}{J, C, \{\neg P_3, \ldots, \neg P_n\} \to}}{J, C, \{\neg P_2, \ldots, \neg P_n\} \to}}{J, C, \{\neg P_1, \ldots, \neg P_n\} \to}$$


Each tree $T_i$ that is not an axiom is also in SLD-form and has the 
following shape: 
$$\frac{P_i, \neg P_i \to \qquad \dfrac{T'_i}{J, \{\neg Q_1, \ldots, \neg Q_p\}, C' \to}}{J, \{\neg Q_1, \ldots, \neg Q_p, P_i\}, C', \neg P_i \to}$$


where $C' = \{C_1, \ldots, C_m\} - \{C\}$, for some definite clause $C = \{\neg Q_1, \ldots, \neg Q_p, 
P_i\}$. 


By the induction hypothesis, each tree $T'_i$ is converted to an SLD- 
refutation 


$$Y_i = < \{\neg Q_1, \ldots, \neg Q_p\}, N_2, \ldots, N_q >.$$


By rule (3), the proof tree $T_i$ is converted to the SLD-refutation $X_i$ obtained 
by concatenating $\{\neg P_i\}$ and $Y_i$. But then, 


$$X_i = < \{\neg P_i\}, \{\neg Q_1, \ldots, \neg Q_p\}, N_2, \ldots, N_q >$$


is an SLD-refutation obtained by resolving $\{\neg P_i\}$ with $\{\neg Q_1, \ldots, \neg Q_p, P_i\}$. 


If $T_i$ is an axiom then by rule (1) it is converted to $< \{\neg P_i\}, \square >$, which 
is an SLD-refutation. 


Finally, rule (2) combines the SLD-refutations $X_1, \ldots, X_n$ in such a way 
that the resulting sequence is an SLD-refutation. Indeed, for every i, 
$1 \leq i \leq n-1$, $X_i$ becomes the SLD-derivation $X'_i$, where 


$$X'_i = < \{\neg P_i, \neg P_{i+1}, \ldots, \neg P_n\}, \{\neg Q_1, \ldots, \neg Q_p, \neg P_{i+1}, \ldots, \neg P_n\}, 
N_2 \cup \{\neg P_{i+1}, \ldots, \neg P_n\}, \ldots, N_{q-1} \cup \{\neg P_{i+1}, \ldots, \neg P_n\} >$$


and so the entire sequence $X'_1, \ldots, X'_{n-1}, X_n$ is an SLD-refutation starting from 
the goal $\{\neg P_1, \ldots, \neg P_n\}$. 


As a corollary, we have the completeness of SLD-resolution for Horn 
clauses. 


Theorem 9.3.1 (Completeness of SLD-resolution for Horn clauses) The 
SLD-resolution method is complete for Horn clauses. Furthermore, if the 
first negative clause is $\{\neg P_1, \ldots, \neg P_n\}$, for every literal $\neg P_i$ in this goal, there 
is an SLD-resolution whose first selected atom is $P_i$. 


Proof: Completeness is a consequence of lemma 9.3.1 and theorem 9.2.2. 
It is easy to see that in the linearization procedure, the order in which the 
subsequences are concatenated does not matter. This implies the second part 
of the lemma. 


Actually, since SLD-refutations are the result of linearizing proof trees 
in SLD-form, it is easy to show that any atom $P_i$ such that $\neg P_i$ belongs to a 
negative clause $N_j$ in an SLD-refutation can be chosen as the selected atom. 
By theorem 9.2.2, if a set S of Horn clauses with several goals $N_1, \ldots, N_k$ 
is GCNF′-provable, then there is some goal $N_i$ such that $S - \{N_1, \ldots, N_{i-1}, 
N_{i+1}, \ldots, N_k\}$ is GCNF′-provable. This does not mean that there is a unique 
such $N_i$, as shown by the following example. 


EXAMPLE 9.3.2 


Consider the set S of clauses: 
$$\{P\}, \{Q\}, \{\neg S, R\}, \{\neg R, \neg P\}, \{\neg R, \neg Q\}, \{S\}.$$


We have two SLD-refutations: 


$$< \{\neg R, \neg P\}, \{\neg R\}, \{\neg S\}, \square >$$


and 


$$< \{\neg R, \neg Q\}, \{\neg R\}, \{\neg S\}, \square >.$$


In the next section, we generalize SLD-resolution to first-order languages 
without equality, using the lifting technique of Section 8.5. 


PROBLEMS 


9.3.1. Apply the linearization procedure to the proof trees in SLD-form 
obtained in problem 9.2.1. 


9.3.2. Give different SLD-resolution refutations for the following sets of 
clauses: 


$\{P_1\}, \{P_2\}, \{P_3\}, \{P_4\}, \{\neg P_1, \neg P_2, P_6\}, \{\neg P_3, \neg P_4, P_7\}, 
\{\neg P_6, \neg P_7, P_8\}, \{\neg P_8\}.$ 


alan P3}, {AP3, Py}, {-Pa, Ps}, {P3}, {Pi}, {Po}, {7P}, 
{>P3, Pet {7P3, P7}, {-P3, P3}. 


9.3.3. Write a computer program implementing the linearization procedure. 


9.4 SLD-Resolution in First-Order Logic 


In this section we shall generalize SLD-resolution to first-order languages with- 
out equality. Fortunately, it is relatively painless to generalize results about 
propositional SLD-resolution to the first-order case, using the lifting technique 
of Section 8.5. 


9.4.1 Definition of SLD-Refutations 
Since the main application of SLD-resolution is to PROLOG, we shall also 
revise our notation to conform to the PROLOG notation. 
Definition 9.4.1 A Horn clause (in PROLOG notation) is one of the fol- 
lowing expressions: 

(i) $B :- A_1, \ldots, A_m$ 

(ii) $B$ 

(iii) $:- A_1, \ldots, A_m$ 


In the above, $B, A_1, \ldots, A_m$ are atomic formulae of the form $P t_1 \ldots t_k$, 
where P is a predicate symbol of rank k, and $t_1, \ldots, t_k$ are terms. 


A clause of the form (i) or (ii) is called a definite clause, and a clause of 
the form (iii) is called a goal clause (or negative clause). 


The translation into the standard logic notation is the following: 


The clause $B :- A_1, \ldots, A_m$ corresponds to the formula 
$$(\neg A_1 \vee \ldots \vee \neg A_m \vee B);$$


The clause B corresponds to the atomic formula B; 


The clause $:- A_1, \ldots, A_m$ corresponds to the formula 


$$(\neg A_1 \vee \ldots \vee \neg A_m).$$


Actually, as in definition 8.2.1, it is assumed that a Horn clause is the 
universal closure of a formula as above (that is, of the form $\forall x_1 \ldots \forall x_n C$, where 
$FV(C) = \{x_1, \ldots, x_n\}$). The universal quantifiers are dropped for simplicity 
of notation, but it is important to remember that they are implicitly present. 


The definition of SLD-derivations and SLD-refutations is extended by 
combining definition 9.3.2 and the definition of a resolvent given in definition 
8.5.2. 


Definition 9.4.2 Let S be a set of Horn clauses consisting of a set D of 
definite clauses and a set $\{G_1, \ldots, G_q\}$ of goals. An SLD-derivation for S 
is a sequence $< N_0, N_1, \ldots, N_p >$ of negative clauses satisfying the following 
properties: 


(1) $N_0 = G_j$, where $G_j$ is one of the goals; 
(2) For every $N_i$ in the sequence, $0 \leq i < p$, if 
$$N_i = \; :- A_1, \ldots, A_{k-1}, A_k, A_{k+1}, \ldots, A_n,$$


then there is some definite clause $C_i = A :- B_1, \ldots, B_m$ in D such that $A_k$ 
and A are unifiable, and for some most general unifier $\sigma_i$ of $A_k$ and $\rho_i(A)$, 
where $(Id, \rho_i)$ is a separating substitution pair, if $m > 0$, then 


$$N_{i+1} = \; :- \sigma_i(A_1, \ldots, A_{k-1}, \rho_i(B_1), \ldots, \rho_i(B_m), A_{k+1}, \ldots, A_n)$$
else if $m = 0$ then 


$$N_{i+1} = \; :- \sigma_i(A_1, \ldots, A_{k-1}, A_{k+1}, \ldots, A_n).$$


An SLD-derivation is an SLD-refutation iff $N_p = \square$. 


Note that an SLD-derivation is a linear representation of a resolution 
DAG of the following special form (the input clause $C_i$ and the unifier 
$\sigma_i$ yield $N_i$ from the previous negative clause): 


$$N_0 = G_j \;\xrightarrow{\;C_1,\,\sigma_1\;}\; N_1 \;\xrightarrow{\;C_2,\,\sigma_2\;}\; N_2 \;\longrightarrow\; \cdots \;\xrightarrow{\;C_i,\,\sigma_i\;}\; N_i \;\longrightarrow\; \cdots \;\xrightarrow{\;C_p,\,\sigma_p\;}\; N_p = \square$$


At each step, the clauses 
$$:- A_1, \ldots, A_{k-1}, A_k, A_{k+1}, \ldots, A_n$$


and 
$$A :- B_1, \ldots, B_m$$


are resolved, the atoms $A_k$ and $\rho_i(A)$ being canceled, since they are unified 
by the most general unifier $\sigma_i$. The literal $A_k$ is called the selected atom of 
$N_i$, and the clauses $N_0, C_1, \ldots, C_p$ are the input clauses. 


When the derivation is a refutation, the substitution 


$$\sigma = (\rho_1 \circ \sigma_1) \circ \ldots \circ (\rho_p \circ \sigma_p)$$


obtained by composing the substitutions occurring in the refutation is called 
the result substitution or answer substitution. It is used in PROLOG to ex- 
tract the output of an SLD-computation. 


Since an SLD-derivation is a special kind of resolution DAG (a linear 
input resolution), its soundness is a consequence of lemma 8.5.2. 


Lemma 9.4.1 (Soundness of SLD-resolution) If a set of Horn clauses has 
an SLD-refutation, then it is unsatisfiable. 


Proof: Immediate from lemma 8.5.2. 


Let us give an example of an SLD-refutation in the first-order case. 


EXAMPLE 9.4.1 


Consider the following set of definite clauses, axiomatizing addition of 
natural numbers: 


$C_1 : add(X, 0, X).$ 
$C_2 : add(X, succ(Y), succ(Z)) :- add(X, Y, Z).$ 


Consider the goal 


$B : \; :- add(succ(0), V, succ(succ(0))).$ 


We wish to show that the above set is unsatisfiable. We have the fol- 
lowing SLD-refutation: 


Goal clause                                  Input clause   Substitution 
$:- add(succ(0), V, succ(succ(0)))$          $C_2$          $\sigma_1$ 
$:- add(succ(0), Y_2, succ(0))$              $C_1$          $\sigma_2$ 
$\square$ 


where 
$$\sigma_1 = (succ(0)/X_1, succ(0)/Z_1, succ(Y_2)/V),$$


$$\sigma_2 = (succ(0)/X_2, 0/Y_2).$$


The variables $X_1, Z_1, Y_2, X_2$ were introduced by separating substitu- 
tions in computing resolvents. The result substitution is 


$$(succ(0)/V, succ(0)/X_1, succ(0)/Z_1, succ(0)/X_2).$$


The interesting component is $succ(0)/V$. Indeed, there is a computa- 
tional interpretation of the unsatisfiability of the set $\{C_1, C_2, B\}$. For 
this, it is necessary to write quantifiers explicitly and remember that 
goal clauses are negative. Observe that 


$$\forall X C_1 \wedge \forall X \forall Y \forall Z C_2 \wedge \forall V B$$
is unsatisfiable, iff 


$$\neg(\forall X C_1 \wedge \forall X \forall Y \forall Z C_2 \wedge \forall V B)$$


is valid, iff 


$$(\forall X C_1 \wedge \forall X \forall Y \forall Z C_2) \supset \exists V \neg B$$


is valid. But $\exists V \neg B$ is actually 


$$\exists V\, add(succ(0), V, succ(succ(0))).$$


Since $(\forall X C_1 \wedge \forall X \forall Y \forall Z C_2)$ defines addition in the intuitive sense that 
any X, Y, Z satisfying the above sentence are such that $Z = X + Y$, we 
are trying to find some V such that $succ(0) + V = succ(succ(0))$, or in 
other words, compute the difference of $succ(succ(0))$ and $succ(0)$, which 
is indeed $succ(0)$! 
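The following is an added example (not the book's code) of definition 9.4.2 in Python: terms, a most general unifier with occurs check, the separating renaming $\rho_i$, and a backtracking enumeration of all SLD-refutations with the leftmost selected atom, returning the answer substitution restricted to the goal variables. Run on the clauses of example 9.4.1 it finds $V = succ(0)$; enumerating every refutation goes beyond that example (compare problem 9.4.2). The term encoding, the depth bound and all function names are my own.

```python
"""Added example (not the book's code): first-order SLD-resolution
(definition 9.4.2) with unification and answer substitutions."""
import itertools
from typing import Dict, Iterator, List, Optional, Tuple, Union

# A variable is a string; a compound term or atom is (functor, arg1, ...);
# a constant such as 0 is the 1-tuple ("0",).
Term = Union[str, tuple]
Subst = Dict[str, Term]
Clause = Tuple[tuple, List[tuple]]        # (head, body) for  head :- body


def is_var(t: Term) -> bool:
    return isinstance(t, str)


def apply(s: Subst, t: Term) -> Term:
    """Apply s to t; bindings are stored triangularly, so follow them."""
    if is_var(t):
        return apply(s, s[t]) if t in s else t
    return (t[0],) + tuple(apply(s, a) for a in t[1:])


def occurs(v: str, t: Term) -> bool:
    return t == v if is_var(t) else any(occurs(v, a) for a in t[1:])


def unify(a: Term, b: Term, s: Subst) -> Optional[Subst]:
    """Most general unifier of a and b extending s (None if not unifiable).
    The occurs check rules out cyclic bindings such as X = f(X)."""
    a, b = apply(s, a), apply(s, b)
    if a == b:
        return s
    if is_var(a):
        return None if occurs(a, b) else {**s, a: b}
    if is_var(b):
        return unify(b, a, s)
    if a[0] != b[0] or len(a) != len(b):
        return None
    for x, y in zip(a[1:], b[1:]):
        s = unify(x, y, s)
        if s is None:
            return None
    return s


def rename(clause: Clause, k: int) -> Clause:
    """Separating substitution rho_k: fresh variables X_k for the input clause."""
    def r(t: Term) -> Term:
        return f"{t}_{k}" if is_var(t) else (t[0],) + tuple(r(a) for a in t[1:])
    head, body = clause
    return r(head), [r(b) for b in body]


def variables(t: Term) -> List[str]:
    return [t] if is_var(t) else [v for a in t[1:] for v in variables(a)]


def sld_refutations(program: List[Clause], goal: List[tuple],
                    max_depth: int = 50) -> Iterator[Subst]:
    """Enumerate every SLD-refutation of program + {:- goal} (selected atom:
    leftmost; input clauses tried in program order) and yield its answer
    substitution restricted to the goal's variables.  max_depth cuts off
    infinite derivations, so the enumeration is complete only up to it."""
    goal_vars = sorted({v for atom in goal for v in variables(atom)})
    fresh = itertools.count(1)            # one counter so renamings never clash

    def search(atoms: List[tuple], s: Subst, depth: int) -> Iterator[Subst]:
        if not atoms:                     # N_p = empty clause: refutation found
            yield {v: apply(s, v) for v in goal_vars}
            return
        if depth >= max_depth:
            return
        selected, rest = atoms[0], atoms[1:]
        for clause in program:
            head, body = rename(clause, next(fresh))
            s2 = unify(selected, head, s)          # sigma_i, if A_k and rho_i(A) unify
            if s2 is not None:                     # N_{i+1}: body replaces the selected atom
                yield from search(body + rest, s2, depth + 1)

    return search(list(goal), {}, 0)


def show(t: Term) -> str:
    """Render a term in PROLOG syntax, e.g. succ(succ(0))."""
    if is_var(t):
        return t
    return t[0] if len(t) == 1 else f"{t[0]}({', '.join(show(a) for a in t[1:])})"


# Constructed input: the addition program of example 9.4.1.
ZERO = ("0",)


def succ(t: Term) -> tuple:
    return ("succ", t)


ADD: List[Clause] = [
    (("add", "X", ZERO, "X"), []),                                    # C1
    (("add", "X", succ("Y"), succ("Z")), [("add", "X", "Y", "Z")]),   # C2
]


def answers(goal: List[tuple]) -> List[Dict[str, str]]:
    return [{v: show(t) for v, t in a.items()} for a in sld_refutations(ADD, goal)]


if __name__ == "__main__":
    print(answers([("add", succ(ZERO), "V", succ(succ(ZERO)))]))   # example 9.4.1
```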


This interpretation of a refutation showing that a set of Horn clauses is 
unsatisfiable as a computation of the answer to a query, such as 


$$(\forall X C_1 \wedge \forall X \forall Y \forall Z C_2) \supset \exists V \neg B,$$
“find some V satisfying $\neg B$ and such that some conditional 
axioms $\forall X C_1$ and $\forall X \forall Y \forall Z C_2$ hold,” 


is the essence of PROLOG. The set of clauses $\{C_1, C_2\}$ can be viewed as a 
logic program. 


We will come back to the idea of refutations as computations in the next 
section. 


9.4.2 Completeness of SLD-Resolution for Horn Clauses 


The completeness of SLD-resolution for Horn clauses is shown in the following 
theorem. 


Theorem 9.4.1 (Completeness of SLD-Resolution for Horn Clauses) Let L 
be any first-order language without equality. Given any finite set S of Horn 
clauses, if S is unsatisfiable, then there is an SLD-refutation with first clause 
some negative clause $:- B_1, \ldots, B_n$ in S. 


Proof: We shall use the lifting technique provided by lemma 8.5.4. First, 
by the Skolem-Herbrand-Gödel theorem, if S is unsatisfiable, there is a set $S_g$ 
of ground instances of clauses in S which is unsatisfiable. Since substitution 
instances of Horn clauses are Horn clauses, by theorem 9.3.1, there is an 
SLD-refutation for $S_g$, starting from some negative clause in $S_g$. Finally, we 
conclude by observing that if we apply the lifting technique of lemma 8.5.4, 
we obtain an SLD-refutation. This is because we always resolve a negative 
clause ($N_i$) against an input clause ($C_i$). Hence, the result is proved. 
From theorem 9.3.1, it is also true that if the first negative clause is 
$:- B_1, \ldots, B_n$, for every atom $B_i$ in this goal, there is an SLD-resolution whose 
first selected atom is $B_i$. As a matter of fact, this property holds for any clause 
$N_i$ in the refutation. 


Even though SLD-resolution is complete for Horn clauses, there is still 
the problem of choosing among many possible SLD-derivations. The above 
shows that the choice of the selected atom is irrelevant. However, we still have 
the problem of choosing a definite clause $A :- B_1, \ldots, B_m$ such that A unifies 
with one of the atoms in the current goal clause $:- A_1, \ldots, A_{k-1}, A_k, A_{k+1}, \ldots, 
A_n$. 


Such problems are important and are the object of current research in 
programming logic, but we do not have the space to address them here. The 
interested reader is referred to Kowalski, 1979, or Campbell, 1983, for an 
introduction to the methods and problems in programming logic. 


In the next section, we discuss the use of SLD-resolution as a computa- 
tion procedure for PROLOG. 


PROBLEMS 


9.4.1. Prove using SLD-resolution that the following set of clauses is unsat- 
isfiable: 
$add(X, 0, X)$ 
$add(X, succ(Y), succ(Z)) :- add(X, Y, Z)$ 
$:- add(succ(succ(0)), succ(succ(0)), U).$ 


9.4.2. Prove using SLD-resolution that the following set of clauses is unsat- 
isfiable: 
$add(X, 0, X)$ 
$add(X, succ(Y), succ(Z)) :- add(X, Y, Z)$ 
$:- add(U, V, succ(succ(succ(0)))).$ 


Find all possible SLD-refutations. 


9.4.3. Using SLD-resolution, show that the following set of Horn clauses is 
unsatisfiable: 

$hanoi(N, Output) :- move(a, b, c, N, Output).$ 

$move(A, B, C, succ(M), Output) :- move(A, C, B, M, Out1),$ 
$move(C, B, A, M, Out2),$ 
$append(Out1, cons(to(A, B), Out2), Output).$ 

$move(A, B, C, 0, nil).$ 

$append(cons(A, L1), L2, cons(A, L3)) :- append(L1, L2, L3).$ 

$append(nil, L1, L1).$ 

$:- hanoi(succ(succ(0)), Z)$ 
9.5 SLD-Resolution, Logic Programming (PROLOG) 


We have seen in example 9.4.1 that an SLD-refutation for a set of Horn clauses 
can be viewed as a computation. This illustrates an extremely interesting use 
of logic as a programming language. 


9.5.1 Refutations as Computations 


In the past few years, Horn logic has been the basis of a new type of program- 
ming language due to Colmerauer named PROLOG. It is not the purpose of 
this book to give a complete treatment of PROLOG, and we refer the inter- 
ested reader to Kowalski, 1979, or Clocksin and Mellish, 1981, for details. In 
this section, we shall lay the foundations of the programming logic PROLOG. 
It will be shown how SLD-resolution can be used as a computational proce- 
dure to solve certain problems, and the correctness and completeness of this 
approach will be proved. 


In a logic programming language like PROLOG, one writes programs 
as sets of assertions in the form of Horn clauses, or more accurately, definite 
clauses, except for the goal. A set P of definite clauses is a logic program. As 
we said in Section 9.4, it is assumed that distinct Horn clauses are universally 
quantified. 


Roughly speaking, a logic program consists of facts and assertions. Given 
such a logic program, one is usually interested in extracting facts that are 
consequences of the logic program P. Typically, one has a certain “query” (or 
goal) G containing some free variables $z_1, \ldots, z_q$, and one wants to find term 
instances $t_1, \ldots, t_q$ for the variables $z_1, \ldots, z_q$, such that the formula 

$P \supset G[t_1/z_1, \ldots, t_q/z_q]$ 

is valid. 


For simplicity, it will be assumed that the query is a positive atomic 
formula G. More complicated formulae can be handled (anti-Horn clauses), 
but we will consider this case later. In PROLOG, a goal statement G is 
denoted by ?- G. 


From a logical point of view, the problem is to determine whether the 
sentence 

$P \supset (\exists z_1 \ldots \exists z_q G)$ 

is valid. 


From a computational point of view, the problem is to find term values 
$t_1, \ldots, t_q$ for the variables $z_1, \ldots, z_q$ that make the formula 

$P \supset G[t_1/z_1, \ldots, t_q/z_q]$ 

valid, and perhaps all such assignments. 
Remarkably, SLD-resolution can be used not only as a proof procedure, 
but also as a computational procedure, because it returns a result substitution. 
The reason is as follows: 


The formula $P \supset (\exists z_1 \ldots \exists z_q G)$ is valid iff 
$\neg(P \supset (\exists z_1 \ldots \exists z_q G))$ is unsatisfiable iff 
$P \wedge (\forall z_1 \ldots \forall z_q \neg G)$ is unsatisfiable. 


But since G is an atomic formula, $\neg G$ is a goal clause $:- G$, and 
$P \wedge (\forall z_1 \ldots \forall z_q \neg G)$ is a conjunction of Horn clauses! 


Hence, SLD-resolution can be used to test for unsatisfiability, and if 
it succeeds, it returns a result substitution $\sigma$. The crucial fact is that the 
components of the substitution $\sigma$ corresponding to the variables $z_1, \ldots, z_q$ are 
answers to the query G. However, this fact is not obvious. A proof will be 
given in the next section. As a preliminary task, we give a rigorous definition 
of the semantics of a logic program. 


9.5.2 Model-Theoretic Semantics of Logic Programs 
We begin by defining what kind of formula can appear as a goal. 


Definition 9.5.1 An anti-Horn clause is a formula of the form 

$\exists x_1 \ldots \exists x_m B$, 

where B is a conjunction of literals $L_1 \wedge \ldots \wedge L_p$ with at most one negative 
literal and $FV(B) = \{x_1, \ldots, x_m\}$. 


A logic program is a pair (P, G), where the program P is a set of (uni- 
versal) Horn clauses, and the query G is a disjunction 

$(G_1 \vee \ldots \vee G_n)$ 

of anti-Horn clauses $G_i = \exists x_1 \ldots \exists x_{m_i} B_i$. 


It is also assumed that for all $i \neq j$, $1 \le i, j \le n$, the sets of variables 
$FV(B_i)$ and $FV(B_j)$ are disjoint. The union $\{z_1, \ldots, z_q\}$ of the sets of free 
variables occurring in each $B_i$ is called the set of output variables associated 
with G. 


Note that an anti-Horn clause is not a clause. However, the terminology 
is justified by the fact that the negation of an anti-Horn clause is a (universal) 
Horn clause, and that $\neg G$ is equivalent to a conjunction of universal Horn 
clauses. 


Remark: This definition is more general than the usual definition used 
in PROLOG. In (standard) PROLOG, P is a set of definite clauses (that is, 
P does not contain negative clauses), and G is a formula that is a conjunction 
of atomic formulae. It is shown in the sequel that more general queries can 
be handled, but that the semantics is a bit more subtle. Indeed, indefinite 
answers may arise. 


EXAMPLE 9.5.1 


The following is a logic program, where P consists of the following 
clauses: 

rocksinger(jackson).
teacher(jean).
teacher(susan).
rich(X) :- rocksinger(X).
:- teacher(X), rich(X).

The query is the following disjunction: 

?- $\neg rocksinger(Y) \vee rich(Z)$ 


EXAMPLE 9.5.2 
The following is the program of a logic program: 

hanoi(N, Output) :- move(a, b, c, N, Output).
move(A, B, C, succ(M), Output) :- move(A, C, B, M, Out1),
                                  move(C, B, A, M, Out2),
                                  append(Out1, cons(to(A, B), Out2), Output).
move(A, B, C, 0, nil).
append(cons(A, L1), L2, cons(A, L3)) :- append(L1, L2, L3).
append(nil, L1, L1).

The query is: 

?- hanoi(succ(succ(succ(0))), Output). 


The above program is a logical version of the well known problem known 
as the tower of Hanoi (see Clocksin and Mellish, 1981). 


In order to give a rigorous definition of the semantics of a logic program, 
it is convenient to define the concept of a free structure. Recall that we 
are only dealing with first-order languages without equality, and that if the 
language has no constants, the special constant # is added to it. 


Definition 9.5.2 Given a first-order language L without equality and with 
at least one constant, a free structure (or Herbrand structure) H is an L- 
structure with domain the set $H_L$ of all closed L-terms, and whose interpre- 
tation function satisfies the following property: 

(i) For every function symbol f of rank n, for all $t_1, \ldots, t_n \in H_L$, 

$f_H(t_1, \ldots, t_n) = f t_1 \ldots t_n$, and 

(ii) For every constant symbol c, 

$c_H = c$. 


The set of terms $H_L$ is called the Herbrand universe of L. For simplicity 
of notation, the set $H_L$ is denoted as H when L is understood. The following 
lemma shows that free structures are universal. This lemma is actually not 
necessary for giving the semantics of Horn clauses, but it is of independent 
interest. 


Lemma 9.5.1 A sentence X in NNF containing only universal quantifiers 
is satisfiable in some model iff it is satisfiable in some free structure. 


Proof: Clearly, if X is satisfied in a free structure, it is satisfiable in some 
model. For the converse, assume that X has some model A. We show how a 
free structure can be constructed from A. We define the function $h : H \to A$ 
as follows: 

For every constant c, $h(c) = c_A$; 

For every function symbol f of rank $n > 0$, for any n terms $t_1, \ldots, t_n \in H$, 
$h(f t_1 \ldots t_n) = f_A(h(t_1), \ldots, h(t_n))$. 

Define the interpretation of the free structure H such that, for any pred- 
icate symbol P of rank n, for any n terms $t_1, \ldots, t_n \in H$, 

$H \models P(t_1, \ldots, t_n)$ iff $A \models P(h(t_1), \ldots, h(t_n))$. $(*)$ 

We now prove by induction on formulae that, for every assignment $s : V \to H$, 
if $A \models X[s \circ h]$, then $H \models X[s]$. 


(i) If X is a literal, this amounts to the definition $(*)$. 

(ii) If X is of the form $(B \wedge C)$, then $A \models X[s \circ h]$ implies that 

$A \models B[s \circ h]$ and $A \models C[s \circ h]$. 

By the induction hypothesis, 

$H \models B[s]$ and $H \models C[s]$, 

that is, $H \models X[s]$. 
(iii) If X is of the form $(B \vee C)$, then $A \models X[s \circ h]$ implies that 

$A \models B[s \circ h]$ or $A \models C[s \circ h]$. 

By the induction hypothesis, 

$H \models B[s]$ or $H \models C[s]$, 

that is, $H \models X[s]$. 


(iv) X is of the form $\exists x B$. This case is not possible since X does not 
contain existential quantifiers. 

(v) X is of the form $\forall x B$. If $A \models X[s \circ h]$, then for every $a \in A$, 

$A \models B[(s \circ h)[x := a]]$. 

Now, since $h : H \to A$, for every $t \in H$, $h(t) = a$ for some $a \in A$, and so, for 
every t in H, 

$A \models B[(s \circ h)[x := h(t)]]$, that is, $A \models B[(s[x := t]) \circ h]$. 

By the induction hypothesis, $H \models B[s[x := t]]$ for all $t \in H$, that is, $H \models X[s]$. 


It is obvious that lemma 9.5.1 also applies to sets of sentences. Also, 
since a formula is unsatisfiable iff it has no model, we have the following 
corollary: 


Corollary Given a first-order language without equality and with some 
constant, a set of sentences in NNF and only containing universal quantifiers 
is unsatisfiable iff it is unsatisfiable in every free (Herbrand) structure. 


We now provide a rigorous semantics of logic programs. 


Given a logic program (P, G), the question of interest is to determine 
whether the formula $P \supset G$ is valid. Actually, we really want more. If 
$\{z_1, \ldots, z_q\}$ is the set of output variables occurring in G, we would like to 
find some (or all) tuple(s) $(t_1, \ldots, t_q)$ of ground terms such that 

$\models P \supset (B_1 \vee \ldots \vee B_n)[t_1/z_1, \ldots, t_q/z_q]$. 


As we shall see, such tuples do not always exist. However, indefinite (or 
disjunctive) answers always exist, and if some conditions are imposed on P 
and G, definite answers (tuples of ground terms) exist. 


Assume that $P \supset G$ is valid. This is equivalent to $\neg(P \supset G)$ being 
unsatisfiable. But $\neg(P \supset G)$ is equivalent to $P \wedge \neg G$, which is equivalent 
to a conjunction of universal Horn clauses. By the Skolem-Herbrand-Gödel 
theorem (theorem 7.6.1), if $\{x_1, \ldots, x_m\}$ is the set of all universally quantified 
variables in $P \wedge \neg G$, there is some set 

$\{(t^1_1, \ldots, t^1_m), \ldots, (t^k_1, \ldots, t^k_m)\}$ 

of m-tuples of ground terms such that the conjunction 

$(P \wedge \neg G)[t^1_1/x_1, \ldots, t^1_m/x_m] \wedge \ldots \wedge (P \wedge \neg G)[t^k_1/x_1, \ldots, t^k_m/x_m]$ 

is unsatisfiable (for some $k \ge 1$). From this, it is not difficult to prove that 

$\models P \supset G[t^1_1/x_1, \ldots, t^1_m/x_m] \vee \ldots \vee G[t^k_1/x_1, \ldots, t^k_m/x_m]$. 

However, we cannot claim that $k = 1$, as shown by the following example. 


EXAMPLE 9.5.3 


Let $P = \neg Q(a) \vee \neg Q(b)$, and $G = \exists x \neg Q(x)$. $P \supset G$ is valid, but there 
is no term t such that 

$\neg Q(a) \vee \neg Q(b) \supset \neg Q(t)$ 

is valid. 


As a consequence, the answer to a query may be indefinite, in the sense 
that it is a disjunction of substitution instances of the goal. However, definite 
answers can be ensured if certain restrictions are met. 


Lemma 9.5.2 (Definite answer lemma) If P is a (finite) set of definite 
clauses and G is a query of the form 

$\exists z_1 \ldots \exists z_q (B_1 \wedge \ldots \wedge B_n)$, 

where each $B_i$ is an atomic formula, if 

$\models P \supset \exists z_1 \ldots \exists z_q (B_1 \wedge \ldots \wedge B_n)$, 

then there is some tuple $(t_1, \ldots, t_q)$ of ground terms such that 

$\models P \supset (B_1 \wedge \ldots \wedge B_n)[t_1/z_1, \ldots, t_q/z_q]$. 


Proof: 

$\models P \supset \exists z_1 \ldots \exists z_q (B_1 \wedge \ldots \wedge B_n)$ iff 
$P \wedge \forall z_1 \ldots \forall z_q (\neg B_1 \vee \ldots \vee \neg B_n)$ is unsatisfiable. 

By the Skolem-Herbrand-Gödel theorem, there is a set C of ground substitu- 
tion instances of the clauses in $P \cup \{\neg B_1 \vee \ldots \vee \neg B_n\}$ that is unsatisfiable. Since 
the only negative clauses in C come from $\{\neg B_1 \vee \ldots \vee \neg B_n\}$, by lemma 9.2.5, 
there is some substitution instance 

$(\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]$ 

such that 

$P' \cup \{(\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]\}$ 

is unsatisfiable, where $P'$ is the subset of C consisting of substitution instances 
of clauses in P. But then, it is not difficult to show that 

$\models P \supset (B_1 \wedge \ldots \wedge B_n)[t_1/z_1, \ldots, t_q/z_q]$. 


The result of lemma 9.5.2 explains why, in PROLOG, only 
programs consisting of definite clauses and queries consisting of conjunctions 
of atomic formulae are considered. With such restrictions, definite answers 
are guaranteed. The above discussion leads to the following definition. 


Definition 9.5.3 Given a logic program (P, G) with query $G = \exists z_1 \ldots \exists z_q B$ 
and with $B = (B_1 \vee \ldots \vee B_n)$, the semantics (or meaning) of (P, G) is the set 

$M(P, G) = \{ \{(t^1_1, \ldots, t^1_q), \ldots, (t^k_1, \ldots, t^k_q)\} \mid k \ge 1,$ 
$\models P \supset B[t^1_1/z_1, \ldots, t^1_q/z_q] \vee \ldots \vee B[t^k_1/z_1, \ldots, t^k_q/z_q] \}$ 

of sets of q-tuples of terms in the Herbrand universe H that make the formula 

$P \supset B[t^1_1/z_1, \ldots, t^1_q/z_q] \vee \ldots \vee B[t^k_1/z_1, \ldots, t^k_q/z_q]$ 

valid (in every free structure). 

If P is a set of definite clauses and B is a conjunction of atomic formulae, 
$k = 1$. 


9.5.3 Correctness of SLD-Resolution as a Computation 
Procedure 


We now prove that for every SLD-refutation of the conjunction of clauses in 
$P \wedge \neg G$, the components of the result substitution $\sigma$ restricted to the output 
variables belong to the semantics M(P, G) of (P, G). We prove the following 
slightly more general lemma, which implies the fact mentioned above. 


Lemma 9.5.3 Given a set P of Horn clauses, let R be an SLD-refutation 

$\langle N_0, N_1, \ldots, N_p \rangle$, with $N_0 = G$ and $N_p = \Box$, 

in which, for every i, $1 \le i \le p$, $N_i$ is the resolvent of $N_{i-1}$ and the input 
clause $C_i$ (renamed by the renaming substitution $\rho_i$), with most general unifier $\sigma_i$, 
and with result substitution $\sigma$ (not necessarily ground). Let $\theta_p = \rho_p \circ \sigma_p$, and for 
every i, $1 \le i \le p - 1$, let 

$\theta_i = (\rho_i \circ \sigma_i) \circ \theta_{i+1}$. 

(Note that $\sigma = \theta_1$, the result substitution. The substitutions $\theta_i$ are also 
called result substitutions.) Then the set of quantifier-free clauses 

$\{\theta_1(N_0), \theta_1(C_1), \ldots, \theta_p(C_p)\}$ 

is unsatisfiable (using the slight abuse of notation in which the matrix D of a 
clause $C = \forall x_1 \ldots \forall x_n D$ is also denoted by C). 


Proof: We proceed by induction on the length of the derivation. 

(i) If $p = 1$, $N_0$ must be a negative formula $:- B$ and $C_1$ a positive literal 
A such that A and B are unifiable, and it is clear that $\{\neg\theta_1(B), \theta_1(C_1)\}$ is 
unsatisfiable. 

(ii) If $p > 1$, then by the induction hypothesis, taking $N_1$ as the goal of 
an SLD-refutation of length $p - 1$, the set 

$\{\theta_2(N_1), \theta_2(C_2), \ldots, \theta_p(C_p)\}$ 

is unsatisfiable. But $N_0$ is some goal clause 

$:- A_1, \ldots, A_{k-1}, A_k, A_{k+1}, \ldots, A_n$, 

and $C_1$ is some definite clause 

$A :- B_1, \ldots, B_m$, 

such that A and $A_k$ are unifiable. Furthermore, the resolvent is given by 

$N_1 = {:-}\ \sigma_1(A_1, \ldots, A_{k-1}, \rho_1(B_1), \ldots, \rho_1(B_m), A_{k+1}, \ldots, A_n)$ 
where $\sigma_1$ is a most general unifier, and we know that 

$\sigma_1(N_0) \wedge (\rho_1 \circ \sigma_1)(C_1) \supset N_1$ 

is valid (by lemma 8.5.1). Since $\rho_1$ is a renaming substitution, it is the identity 
on $N_0$, and by the definition of $\theta_1$, we have 

$\{\theta_2(\sigma_1(N_0)), \theta_2((\rho_1 \circ \sigma_1)(C_1)), \theta_2(C_2), \ldots, \theta_p(C_p)\}$ 
$= \{\theta_1(N_0), \theta_1(C_1), \theta_2(C_2), \ldots, \theta_p(C_p)\}$. 

If $\{\theta_1(N_0), \theta_1(C_1), \ldots, \theta_p(C_p)\}$ was satisfiable, since 

$\sigma_1(N_0) \wedge (\rho_1 \circ \sigma_1)(C_1) \supset N_1$ 

is valid, 

$\{\theta_2(N_1), \theta_2(C_2), \ldots, \theta_p(C_p)\}$ 

would also be satisfiable, a contradiction. Hence, 

$\{\theta_1(N_0), \theta_1(C_1), \ldots, \theta_p(C_p)\}$ 

is unsatisfiable. 


Theorem 9.5.1 (Correctness of SLD-resolution as a computational pro- 
cedure) Let (P, G) be a logic program with query $G = \exists z_1 \ldots \exists z_q B$, with 
$B = (B_1 \vee \ldots \vee B_n)$. For every SLD-refutation $R = \langle N_0, N_1, \ldots, N_p \rangle$ 
for the set of Horn clauses in $P \wedge \neg G$, if R uses (as in lemma 9.5.3) the 
list of definite clauses $\langle C_1, \ldots, C_p \rangle$, the list of result substitutions (not 
necessarily ground) $\langle \theta_1, \ldots, \theta_p \rangle$, and if $\langle \neg C_{i_1}, \ldots, \neg C_{i_r} \rangle$ is the subse- 
quence of $\langle N_0, C_1, \ldots, C_p \rangle$ consisting of the clauses in $\{\neg B_1, \ldots, \neg B_n\}$ (with 
$\neg C_0 = N_0$), then 

$\models P \supset \theta_{i_1}(C_{i_1}) \vee \ldots \vee \theta_{i_r}(C_{i_r})$. 

Proof: Let $P'$ be the set of formulae obtained by deleting the universal 
quantifiers from the clauses in P. By lemma 9.5.3, there is a sequence of 
clauses $\langle N_0, C_1, \ldots, C_p \rangle$ from the set $P' \cup \{\neg B_1, \ldots, \neg B_n\}$ such that 

$\{\theta_1(N_0), \theta_1(C_1), \ldots, \theta_p(C_p)\}$ 

is unsatisfiable. But then, it is easy to construct a proof of 

$P \supset \theta_{i_1}(C_{i_1}) \vee \ldots \vee \theta_{i_r}(C_{i_r})$ 

(using $\vee$:right rules as in lemma 8.5.4), and this yields the result. 

Note: The formulae $C_{i_1}, \ldots, C_{i_r}$ are not necessarily distinct, but the sub- 
stitutions $\theta_{i_1}, \ldots, \theta_{i_r}$ might be. 
Corollary Let (P, G) be a logic program such that P is a set of definite 
clauses and G is a formula of the form $\exists z_1 \ldots \exists z_q B$, where B is a conjunction of 
atomic formulae. For every SLD-refutation of the set of Horn clauses $P \wedge \neg G$, 
if $\sigma$ is the result substitution and $(t_1/z_1, \ldots, t_q/z_q)$ is any ground substitution 
such that for every variable $z_i$ in the support of $\sigma$, $t_i$ is some ground instance 
of $\sigma(z_i)$ and otherwise $t_i$ is any arbitrary term in H, then 

$\models P \supset B[t_1/z_1, \ldots, t_q/z_q]$. 

Proof: First, observe that $\neg B$ must be the goal clause $N_0$. Also, if some 
output variable $z_i$ does not occur in the support of the output substitution 
$\sigma$, this means that $\sigma(z_i) = z_i$. But then, it is immediate by lemma 9.5.3 that 
the result of substituting arbitrary terms in H for these variables in 

$\{\theta_1(N_0), \theta_1(C_1), \ldots, \theta_p(C_p)\}$ 

is also unsatisfiable. 


Theorem 9.5.1 shows that SLD-resolution is a correct method for com- 
puting elements of M(P, G), since every set $\{(t^1_1, \ldots, t^1_q), \ldots, (t^k_1, \ldots, t^k_q)\}$ of tuples 
of terms in H returned by an SLD-refutation (corresponding to the output 
variables) makes 

$P \supset B[t^1_1/z_1, \ldots, t^1_q/z_q] \vee \ldots \vee B[t^k_1/z_1, \ldots, t^k_q/z_q]$ 

valid. 


Remark: Normally, we are interested in tuples of terms in H, because 
we want the answers to be interpretable as definite elements of the Herbrand 
universe. However, by lemma 9.5.3, indefinite answers (sets of tuples of terms 
containing variables) have to be considered. This is illustrated in the next 
example. 


EXAMPLE 9.5.4 


Consider the logic program of example 9.5.1. The set of clauses corre- 
sponding to $P \wedge \neg G$ is the following: 

rocksinger(jackson).
teacher(jean).
teacher(susan).
rich(X) :- rocksinger(X).
:- teacher(X), rich(X).
rocksinger(Y).
:- rich(Z)

Note the two negative clauses. There are four SLD-refutations, two with 
goal :- teacher(X), rich(X), and two with goal :- rich(Z). 


(i) SLD-refutation with output (jean/Y): 

Goal clause                Input clause                Substitution
:- teacher(X), rich(X)     teacher(jean)               (jean/X)
:- rich(jean)              rich(X) :- rocksinger(X)    (jean/X1)
:- rocksinger(jean)        rocksinger(Y)               (jean/Y1)

The result substitution is (jean/Y, jean/X). Also, Z is any element of 
the Herbrand universe. 


(ii) SLD-refutation with output (susan/Y): Similar to the above. 

(iii) SLD-refutation with output (jackson/Z): 

Goal clause            Input clause                Substitution
:- rich(Z)             rich(X) :- rocksinger(X)    (X1/Z)
:- rocksinger(X1)      rocksinger(jackson)         (jackson/X1)

Y is any element of the Herbrand universe. 


(iv) SLD-refutation with output (Y1/Y, Y1/Z): 

Goal clause            Input clause                Substitution
:- rich(Z)             rich(X) :- rocksinger(X)    (X1/Z)
:- rocksinger(X1)      rocksinger(Y)               (Y1/X1)

In this last refutation, we have an indefinite answer that says that for 
any Y1 in the Herbrand universe, Y = Y1, Z = Y1 is an answer. This is 
indeed correct, since the clause rich(X) :- rocksinger(X) is equivalent 
to $\neg rocksinger(X) \vee rich(X)$, and so 

$\models P \supset (\neg rocksinger(Y_1) \vee rich(Y_1))$. 


We now turn to the completeness of SLD-resolution as a computation 
procedure. 
9.5.4 Completeness of SLD-Resolution as a Computa- 
tional Procedure 


The correctness of SLD-resolution as a computational procedure brings up im- 
mediately the question of its completeness. For any set of tuples in M(P,G), 
is there an SLD-refutation with that answer? This is indeed the case, as 
shown below. We state and prove the following theorem for the special case 
of definite clauses, leaving the general case as an exercise. 


Theorem 9.5.2 Let (P, G) be a logic program such that P is a set of definite 
clauses and G is a goal of the form $\exists z_1 \ldots \exists z_q B$, where B is a conjunction 
$B_1 \wedge \ldots \wedge B_n$ of atomic formulae. For every tuple $(t_1, \ldots, t_q) \in M(P, G)$, there 
is an SLD-refutation with result substitution $\sigma$ and a (ground) substitution $\eta$ 
such that the restriction of $\sigma \circ \eta$ to $z_1, \ldots, z_q$ is $(t_1/z_1, \ldots, t_q/z_q)$. 


Proof: By definition, $(t_1, \ldots, t_q) \in M(P, G)$ iff 

$\models P \supset (B_1 \wedge \ldots \wedge B_n)[t_1/z_1, \ldots, t_q/z_q]$ iff 
$P \wedge (\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]$ is unsatisfiable. 

By theor6em 9.5.1, there is an SLD-refutation with output substitution $\theta_1$. 
Since 

$(\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]$ 

is the only negative clause, by lemma 9.5.3, for some sequence of clauses 
$\langle C_1, \ldots, C_p \rangle$ such that the universal closure of each clause $C_i$ is in P, 

$\{\theta_1((\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]), \theta_1(C_1), \ldots, \theta_p(C_p)\}$ 

is also unsatisfiable. If $\theta_i$ is not a ground substitution, we can substitute 
ground terms for the variables and form other ground substitutions $\theta'_1, \ldots, \theta'_p$ 
such that 

$\{\theta'_1((\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]), \theta'_1(C_1), \ldots, \theta'_p(C_p)\}$ 

is still unsatisfiable. Since the terms $t_1, \ldots, t_q$ are ground terms, 

$\theta'_1((\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]) = (\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q]$. 

By theorem 9.3.1, there is a ground SLD-refutation $R_g$ with sequence of input 
clauses 

$\langle (\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q], \theta'_1(C_1), \ldots, \theta'_p(C_p) \rangle$ for 
$\{(\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q], \theta'_1(C_1), \ldots, \theta'_p(C_p)\}$. 

By the lifting lemma (lemma 8.5.4), there is an SLD-refutation R with se- 
quence of input clauses 

$\langle \{\neg B_1, \ldots, \neg B_n\}, C'_1, \ldots, C'_p \rangle$ for 
$\{\neg B_1 \vee \ldots \vee \neg B_n, C_1, \ldots, C_p\}$, 

such that for every pair of clauses $N'_i$ in R and $N_i$ in $R_g$, $N_i = \eta_i(N'_i)$, for 
some ground substitution $\eta_i$. Let $\eta = \eta_p$, and let $\sigma$ be the result substitution 
of the SLD-refutation R. It can be shown that 

$(\neg B_1 \vee \ldots \vee \neg B_n)[t_1/z_1, \ldots, t_q/z_q] = (\sigma \circ \eta)(\neg B_1 \vee \ldots \vee \neg B_n)$, 

which shows that $(t_1/z_1, \ldots, t_q/z_q)$ is equal to the restriction of $\sigma \circ \eta$ to $z_1, \ldots, z_q$. 


9.5.5 Limitations of PROLOG 


Theorem 9.5.1 and theorem 9.5.2 show that SLD-resolution is a correct and 
complete procedure for computing the sets of tuples belonging to the meaning 
of a logic program. From a theoretical point of view, this is very satisfactory. 
However, from a practical point of view, there is still something missing. In- 
deed, we still need a procedure for producing SLD-refutations, and if possible, 
efficiently. It is possible to organize the set of all SLD-refutations into a kind of 
tree (the search space), and the problem is then reduced to a tree traversal. 
If one wants to retain completeness, the kind of tree traversal chosen must be 
a breadth-first search, which can be very inefficient. Most implementations of 
PROLOG sacrifice completeness for efficiency, and adopt a depth-first traver- 
sal strategy. 
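SLD-resolution as a computation (Section 9.5.1) and the breadth-first traversal of the search space just mentioned, as an added example that is not code from the book: a small SLD-resolver in Python with unification, clause renaming (the $\rho_i$ of lemma 9.5.3) and a composed result substitution, run on the add clauses of problems 9.4.1 and 9.4.2 and on the clauses of example 9.5.4. The term encoding, function names and node limit are my own choices; only the clauses and queries come from the book.

```python
from collections import deque
from itertools import count

# Term representation chosen for this example (not the book's notation):
# a variable is a Python string (written upper-case, as in PROLOG); a constant
# or compound term is a tuple (functor, arg1, ..., argn), so 0 is ("0",).
def is_var(t):
    return isinstance(t, str)

def rename(t, i):
    """Renaming substitution (the rho_i of lemma 9.5.3): variable X becomes X_i."""
    return f"{t}_{i}" if is_var(t) else (t[0],) + tuple(rename(a, i) for a in t[1:])

def walk(t, theta):
    # Follow bindings in theta until a non-variable or an unbound variable.
    while is_var(t) and t in theta:
        t = theta[t]
    return t

def occurs(v, t, theta):
    # Occurs check: does variable v occur in t under theta?
    t = walk(t, theta)
    return v == t if is_var(t) else any(occurs(v, a, theta) for a in t[1:])

def unify(s, t, theta):
    """Extend theta to a most general unifier of s and t; None if they do not unify."""
    s, t = walk(s, theta), walk(t, theta)
    if s == t:
        return theta
    if is_var(s):
        return None if occurs(s, t, theta) else {**theta, s: t}
    if is_var(t):
        return unify(t, s, theta)
    if s[0] != t[0] or len(s) != len(t):
        return None
    for a, b in zip(s[1:], t[1:]):
        theta = unify(a, b, theta)
        if theta is None:
            return None
    return theta

def apply(t, theta):
    """Apply the composed substitution theta to a term, resolving bindings fully."""
    t = walk(t, theta)
    return t if is_var(t) else (t[0],) + tuple(apply(a, theta) for a in t[1:])

def show(t):
    """Render a term in the book's notation, e.g. succ(succ(0))."""
    if is_var(t):
        return t
    return t[0] if len(t) == 1 else f"{t[0]}({', '.join(show(a) for a in t[1:])})"

def sld_answers(program, goal, output_vars, max_nodes=10_000):
    """Breadth-first traversal of the SLD tree of program P and goal clause :-goal.

    A node is (remaining goal atoms, substitution built so far).  Reaching the
    empty goal clause is an SLD-refutation, and the substitution restricted to
    the output variables is the answer (theorem 9.5.1).  Breadth-first order
    reaches every refutation; PROLOG's depth-first strategy may loop instead.
    """
    fresh, answers, expanded = count(1), [], 0
    queue = deque([(list(goal), {})])
    while queue and expanded < max_nodes:
        goals, theta = queue.popleft()
        expanded += 1
        if not goals:
            answers.append({v: show(apply(v, theta)) for v in output_vars})
            continue
        selected, rest = goals[0], goals[1:]  # leftmost atom; the choice is irrelevant (section 9.4)
        for head, body in program:
            i = next(fresh)                   # fresh variant of the input clause
            theta2 = unify(selected, rename(head, i), theta)
            if theta2 is not None:
                queue.append(([rename(b, i) for b in body] + rest, theta2))
    return answers

ZERO = ("0",)
def succ(t): return ("succ", t)

# The add program of problems 9.4.1 and 9.4.2.
ADD = [
    (("add", "X", ZERO, "X"), []),
    (("add", "X", succ("Y"), succ("Z")), [("add", "X", "Y", "Z")]),
]

def answers_9_4_2():
    """All SLD-refutations for the goal :-add(U, V, succ(succ(succ(0)))) of problem 9.4.2."""
    return sld_answers(ADD, [("add", "U", "V", succ(succ(succ(ZERO))))], ["U", "V"])

# Example 9.5.4: the definite clauses of P plus the positive clause rocksinger(Y)
# that comes from the query; the goal :-rich(Z) is the other clause of ~G.
ROCK = [
    (("rocksinger", ("jackson",)), []),
    (("teacher", ("jean",)), []),
    (("teacher", ("susan",)), []),
    (("rich", "X"), [("rocksinger", "X")]),
    (("rocksinger", "Y"), []),
]

def answers_9_5_4():
    """Refutations (iii) and (iv) of example 9.5.4: one definite, one indefinite answer."""
    return sld_answers(ROCK, [("rich", "Z")], ["Z"])
```

`answers_9_4_2()` returns the four definite answers from (succ(succ(succ(0))), 0) down to (0, succ(succ(succ(0)))); `answers_9_5_4()` returns Z = jackson and then Z bound to a renamed variable, the indefinite answer of refutation (iv).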


Unfortunately, we do not have the space to consider these interesting 
issues, but we refer the interested reader to Kowalski, 1979, and to Apt and 
Van Emden, 1982, where the semantics of logic programming is investigated 
in terms of fixedpoints. 


Another point worth noting is that not all first-order formulae (in Skolem 
form) can be expressed as Horn clauses. The main limitation is that negative 
premises are not allowed, in the sense that a formula of the form 

$B :- A_1, \ldots, A_{k-1}, \neg A_k, A_{k+1}, \ldots, A_n$ 

is not equivalent to any Horn clause (see problem 3.5.9). 


This restriction can be somewhat overcome by the negation by failure 
strategy, but one has to be careful in defining the semantics of such programs 
(see Kowalski, 1979, or Apt and Van Emden, 1982). 


PROBLEMS 


9.5.1. (a) Give an SLD-resolution and the result substitution for the follow- 
ing set of clauses: 

French(Jean).
French(Jacques).
British(Peter).
likewine(X, Y) :- French(X), wine(Y).
likewine(X, Bordeaux) :- British(X).
wine(Burgundy).
wine(Bordeaux).
:- likewine(U, V).

(b) Derive all possible answers to the query likewine(U, V). 

9.5.2. Give an SLD-resolution and the result substitution for the following 
set of clauses: 

append(cons(A, L1), L2, cons(A, L3)) :- append(L1, L2, L3).
append(nil, L1, L1).
:- append(cons(a, cons(b, nil)), cons(b, cons(c, nil)), Z)

9.5.3. Give an SLD-resolution and the result substitution for the following 
set of clauses: 

hanoi(N, Output) :- move(a, b, c, N, Output).
move(A, B, C, succ(M), Output) :- move(A, C, B, M, Out1),
                                  move(C, B, A, M, Out2),
                                  append(Out1, cons(to(A, B), Out2), Output).
move(A, B, C, 0, nil).
append(cons(A, L1), L2, cons(A, L3)) :- append(L1, L2, L3).
append(nil, L1, L1).
:- hanoi(succ(succ(succ(0))), Z)

9.5.4. Complete the proof of theorem 9.5.1 by filling in the missing details. 

9.5.5. State and prove a generalization of theorem 9.5.2 for the case of ar- 
bitrary logic programs. 

* 9.5.6 Given a set S of Horn clauses, an H-tree for S is a tree labeled with 
substitution instances of atomic formulae in S defined inductively as 
follows: 

(i) A tree whose root is labeled with F (false), and having n im- 
mediate successors labeled with atomic formulae $B_1, \ldots, B_n$, where 
$:- B_1, \ldots, B_n$ is some goal clause in S, is an H-tree. 

(ii) If T is an H-tree, for every leaf node u labeled with some atomic 
formula X that is not a substitution instance of some atomic formula 
B in S (a definite clause consisting of a single atomic formula), if X 
is unifiable with the lefthand side of any clause $A :- B_1, \ldots, B_k$ in 
S, if $\sigma$ is a most general unifier of X and A, the tree $T'$ obtained 
by applying the substitution $\sigma$ to all nodes in T and adding the k 
($k \ge 0$) immediate successors $\sigma(B_1), \ldots, \sigma(B_k)$ to the node u labeled 
with $\sigma(X) = \sigma(A)$ is an H-tree (if $k = 0$, the tree T becomes the tree 
$T'$ obtained by applying the substitution $\sigma$ to all nodes in T. In this 
case, $\sigma(X)$ is a substitution instance of an axiom.) 

An H-tree for S is a proof tree iff all its leaves are labeled with substi- 
tution instances of axioms in S (definite clauses consisting of a single 
atomic formula). 

Prove that S is unsatisfiable iff there is some H-tree for S which is a 
proof tree. 

Hint: Use problem 9.2.4 and adapt the lifting lemma. 


* 9.5.7 Complete the proof of theorem 9.5.2 by proving that the substitution 
$\varphi = (t_1/z_1, \ldots, t_q/z_q)$ is equal to the restriction of $\sigma \circ \eta$ to $z_1, \ldots, z_q$. 

Hint: Let $R = \langle N'_0, \ldots, N'_r \rangle$ be the nonground SLD-refutation 
obtained by lifting the ground SLD-refutation $R_g = \langle N_0, \ldots, N_r \rangle$, 
and let $\langle \sigma'_1, \ldots, \sigma'_r \rangle$ be the sequence of unifiers associated with 
R. Note that $\sigma = \sigma'_1 \circ \ldots \circ \sigma'_r$. Prove that there exists a sequence 
$\langle \eta_0, \ldots, \eta_r \rangle$ of ground substitutions, such that $\eta_0 = \varphi$, and for 
every i, $1 \le i \le r$, $\eta_{i-1} = \lambda_i \circ \eta_i$, where $\lambda_i$ denotes the restriction of 
$\sigma'_i$ to the support of $\eta_{i-1}$. Conclude that $\varphi = \lambda_1 \circ \ldots \circ \lambda_r \circ \eta_r$. 


Notes and Suggestions for Further Reading 


The method of SLD-resolution is a special case of the SL-resolution of Kowal- 
ski and Kuehner (see Siekman and Wrightson, 1983), itself a derivative of 
Model Elimination (Loveland, 1978). 


To the best of our knowledge, the method used in Sections 9.2 and 9.3 for 
proving the completeness of SLD-resolution for (propositional) Horn clauses 
by linearizing a Gentzen proof in SLD-form to an SLD-refutation is original. 


For an introduction to logic as a problem-solving tool, the reader is re- 
ferred to Kowalski, 1979, or Bundy, 1983. Issues about the implementation 
of PROLOG are discussed in Campbell, 1983. So far, there are only a few 
articles and texts on the semantic foundations of PROLOG, including Kowal- 
ski and Van Emden, 1976; Apt and Van Emden, 1982; and Lloyd, 1984. The 
results of Section 9.5 for disjunctive goals appear to be original. 


Chapter 10 


Many-Sorted 
First-Order Logic 


10.1 Introduction 


There are situations in which it is desirable to express properties of structures 
of different types (or sorts). For instance, this is the case if one is interested in 
axiomatizing data structures found in computer science (integers, reals, char- 
acters, stacks, queues, lists, etc). By adding to the formalism of first-order 
logic the notion of type (also called sort), one obtains a flexible and convenient 
logic called many-sorted first-order logic, which enjoys the same properties as 
first-order logic. 


In this chapter, we shall define and give the basic properties of many- 
sorted first-order logic. It turns out that the semantics of first-order logic can 
be given conveniently using the notion of a many-sorted algebra defined in 
Section 2.5, given in the appendix. Hence, the reader is advised to review the 
appendix before reading this chapter. 


At the end of this chapter, we give an algorithm for deciding whether a 
quantifier-free formula is valid, using the method of congruence closure due 
to Kozen (Kozen, 1976, 1977). 


Due to the lack of space, we can only give a brief presentation of many- 
sorted first-order logic, and most proofs are left as exercises. Fortunately, they 
are all simple variations of proofs given in the first-order case. 


10.2 Syntax 


First, we define alphabets for many-sorted first-order languages. 


10.2.1 Many-Sorted First-Order Languages 


In contrast to standard first-order languages, in many-sorted first-order lan- 
guages, the arguments of function and predicate symbols may have different 
types (or sorts), and constant and function symbols also have some type (or 
sort). Technically, this means that a many-sorted alphabet is a many-sorted 
ranked alphabet as defined in Subsection 2.5.1. 


Definition 10.2.1 The alphabet of a many-sorted first-order language con- 
sists of the following sets of symbols: 

A countable set $S \cup \{bool\}$ of sorts (or types) containing the special sort 
bool, and such that S is nonempty and does not contain bool. 

Logical connectives: $\wedge$ (and), $\vee$ (or), $\supset$ (implication), $\equiv$ (equivalence), 
all of rank (bool.bool, bool), $\neg$ (not) of rank (bool, bool), $\bot$ (of rank (e, bool)); 

Quantifiers: For every sort $s \in S$, $\forall_s$ (for all), $\exists_s$ (there exists), each of 
rank (bool, bool); 

For every sort s in S, the equality symbol $=_s$, of rank (ss, bool). 

Variables: For every sort $s \in S$, a countably infinite set $V_s = \{x_0, x_1, x_2, \ldots\}$, 
each variable $x_i$ being of rank (e, s). The family of sets $V_s$ is denoted 
by V. 


Auxiliary symbols: “(” and “)”. 

An $(S \cup \{bool\})$-ranked alphabet L of nonlogical symbols consisting of: 

(i) Function symbols: A (countable, possibly empty) set FS of symbols 
$f_0, f_1, \ldots$, and a rank function $r : FS \to S^* \times S$, assigning a pair $r(f) = (u, s)$ 
called rank to every function symbol f. The string u is called the arity of f, 
and the symbol s the sort (or type) of f. 

(ii) Constants: For every sort $s \in S$, a (countable, possibly empty) set 
$CS_s$ of symbols $c_0, c_1, \ldots$, each of rank (e, s). The family of sets $CS_s$ is denoted 
by CS. 

(iii) Predicate symbols: A (countable, possibly empty) set PS of symbols 
$P_0, P_1, \ldots$, and a rank function $r : PS \to S^* \times \{bool\}$, assigning a pair $r(P) = (u, bool)$ 
called rank to each predicate symbol P. The string u is called the 
arity of P. If $u = e$, P is a propositional letter. 

It is assumed that the sets $V_s$, FS, $CS_s$, and PS are disjoint for all 
$s \in S$. We will refer to a many-sorted first-order language with set of nonlog- 
ical symbols L as the language L. Many-sorted first-order languages obtained 
by omitting the equality symbol are referred to as many-sorted first-order 
languages without equality. 


Observe that a standard (one sorted) first-order language corresponds 
to the special case of a many-sorted first-order language for which the set S 
of sorts contains a single element. 


We now give inductive definitions for the sets of many-sorted terms and 
formulae. 


Definition 10.2.2 Given a many-sorted first-order language L, let [ be the 
union of the sets V, CS, FS, PS, and {1}, and let [, be the subset of 
consisting of all strings whose leftmost symbol is of sort s € S'U {bool}. 


For every function symbol f of rank (uy...Un,s), let Cy be the function 
Cr: Tu, Xx Pu, — Ps such that, for all strings t1,...,tn, with each t; of 
sort Ui, 


Cs(t1, ..5tn) = ftrtn. 


For every predicate symbol P of arity u1...un, let Cp be the function 
Cp:Tu, x..xTu, — Pooo such that, for all strings t),...,t,, each t; of sort 
Ui, 


Cp(t1,...,tn) = Pty..tn. 


Also, let C= be the function C® : (T's)? > Tyoor (of rank (ss, bool)) such 
that, for all strings t, tz of sort s, 


C® (t,t) = =z tite. 


Finally, the functions C,, Cy, C5, C=, CQ are defined as in definition 
3.2.2, with Ca, Cy, C5, C= of rank (bool.bool, bool), C_, of rank (bool, bool), 
and the functions A?, E? : Tyoo1 + Toor (of rank (bool, bool)) are defined such 
that, for any string A in Tgoor, 


A$(A) =V,a,A, and £3(A) = A.x;A. 


The $(S \cup \{bool\})$-indexed family $(\Gamma_s)_{s \in S \cup \{bool\}}$ is made into a many- 
sorted algebra also denoted by $\Gamma$ as follows: 


Each carrier of sort $s \in S \cup \{bool\}$ is the set of strings $\Gamma_s$; 
Each constant c of sort s in CS is interpreted as the string c; 


Each predicate symbol P of rank (e, bool) in PS (propositional symbol) 
is interpreted as the string P; 


The constant $\bot$ is interpreted as the string $\bot$. 


The operations are the functions $C_f$, $C_P$, $C_\wedge$, $C_\vee$, $C_\supset$, $C_\equiv$, $C_\neg$, $C_{=_s}$, $A_i^s$ 
and $E_i^s$. 


From Subsection 2.5.5, we know that there is a least subalgebra T(L, V) 
containing the $(S \cup \{bool\})$-indexed family of sets V (with the component of 
sort bool being empty). 
The set of terms $TERM_s$ of L-terms of sort s (for short, terms of sort 
s) is the carrier of sort s of T(L, V), and the set $FORM_L$ of L-formulae (for 
short, formulae) is the carrier of sort bool of T(L, V). 


A less formal way of stating definition 10.2.2 is the following. Terms and 
atomic formulae are defined as follows: 


(i) Every constant and every variable of sort s is a term of sort s. 


(ii) If $t_1, \ldots, t_n$ are terms, each $t_i$ of sort $u_i$, and f is a function symbol 
of rank $(u_1 \ldots u_n, s)$, then $f t_1 \ldots t_n$ is a term of sort s. 


(iii) Every propositional letter is an atomic formula, and so is $\bot$. 


(iv) If $t_1, \ldots, t_n$ are terms, each $t_i$ of sort $u_i$, and P is a predicate symbol 
of arity $u_1 \ldots u_n$, then $P t_1 \ldots t_n$ is an atomic formula; If $t_1$ and $t_2$ are terms of 
sort s, then $=_s t_1 t_2$ is an atomic formula; 


Formulae are defined as follows: 
(i) Every atomic formula is a formula. 


(ii) For any two formulae A and B, $(A \wedge B)$, $(A \vee B)$, $(A \supset B)$, $(A \equiv B)$ 
and $\neg A$ are also formulae. 


(iii) For any variable $x_i$ of sort s and any formula A, $\forall_s x_i A$ and $\exists_s x_i A$ 
are also formulae. 


EXAMPLE 10.2.1 


Let L be the following many-sorted first-order language for stacks, where 
$S = \{stack, integer\}$, $CS_{integer} = \{0\}$, $CS_{stack} = \{\Lambda\}$, $FS = \{Succ, 
+, *, push, pop, top\}$, and $PS = \{<\}$. 


The rank functions are given by: 


$r(push) = (stack.integer, stack)$; 
$r(pop) = (stack, stack)$; 


Then, the following are terms: 
$Succ\ 0$ 
$top\ push\ \Lambda\ Succ\ 0$ 


EXAMPLE 10.2.2 


Using the first-order language of example 10.2.1, the following are for- 
mulae: 
$<\ 0\ Succ\ 0$ 


$\forall_{integer} x \forall_{stack} y =_{stack} pop\ push\ y\ x\ y$. 
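As an added example (not code from the book), the prefix notation of definition 10.2.2 can be parsed and sort-checked mechanically: since every symbol's arity is fixed by its rank, a prefix string is unambiguous, and the sort conditions on arguments are checked as the string is read. The stack language of example 10.2.1 is used; the page only lists the ranks of push and pop, so the ranks assumed for 0, Λ, Succ, +, *, top and < are assumptions, as are the token spellings of the quantifiers and connectives.

```python
# Added example, not code from the book: a sort-checking parser for the
# prefix notation of Definition 10.2.2, instantiated with the stack language
# of Example 10.2.1. The page lists only the ranks of push and pop; the ranks
# of 0, Λ, Succ, +, *, top and < below are ASSUMED from the example's terms.
from typing import Dict, List, Tuple, Union

Rank = Tuple[Tuple[str, ...], str]       # (u_1 ... u_n, s); () for constants
Tree = Union[str, tuple]                 # a leaf symbol, or (symbol, arg, ...)

STACK_RANKS: Dict[str, Rank] = {
    "0": ((), "integer"),                         # CS_integer = {0}
    "Λ": ((), "stack"),                           # CS_stack = {Λ}
    "push": (("stack", "integer"), "stack"),      # r(push), given on the page
    "pop": (("stack",), "stack"),                 # r(pop), given on the page
    "top": (("stack",), "integer"),               # assumed
    "Succ": (("integer",), "integer"),            # assumed
    "+": (("integer", "integer"), "integer"),     # assumed
    "*": (("integer", "integer"), "integer"),     # assumed
    "<": (("integer", "integer"), "bool"),        # predicate symbol, assumed
    # logical connectives in prefix form; "bot" stands for ⊥ (assumed spellings)
    "bot": ((), "bool"),
    "not": (("bool",), "bool"),
    "and": (("bool", "bool"), "bool"),
    "or": (("bool", "bool"), "bool"),
    "implies": (("bool", "bool"), "bool"),
    "iff": (("bool", "bool"), "bool"),
}


class SortError(ValueError):
    """Raised when a string is not a well-sorted term or formula."""


class PrefixParser:
    """Parses token lists written in the book's prefix notation.

    Quantifiers are written  forall <sort> <var> <formula>  (and  exists ...),
    equality of sort s as  = <sort> <term> <term>.  Every other symbol is read
    with the arity its rank dictates, which is what makes prefix strings
    unambiguous.  Returns the parse tree and its sort ("bool" for formulae).
    """

    def __init__(self, ranks: Dict[str, Rank], free_vars: Dict[str, str] = None):
        self.ranks = ranks
        self.free_vars = dict(free_vars or {})   # free variables and their sorts

    def parse(self, tokens: List[str]) -> Tuple[Tree, str]:
        self.toks, self.pos = list(tokens), 0
        tree, sort = self._parse(self.free_vars)
        if self.pos != len(self.toks):
            raise SortError("trailing tokens %r" % self.toks[self.pos:])
        return tree, sort

    def _next(self) -> str:
        if self.pos >= len(self.toks):
            raise SortError("unexpected end of input")
        tok = self.toks[self.pos]
        self.pos += 1
        return tok

    def _parse(self, env: Dict[str, str]) -> Tuple[Tree, str]:
        tok = self._next()
        if tok in ("forall", "exists"):
            s, x = self._next(), self._next()
            body, body_sort = self._parse({**env, x: s})   # x has sort s in the body
            if body_sort != "bool":
                raise SortError("quantifier applied to a term, not a formula")
            return (tok, s, x, body), "bool"
        if tok == "=":                                    # =_s t1 t2, both of sort s
            s = self._next()
            t1, s1 = self._parse(env)
            t2, s2 = self._parse(env)
            if (s1, s2) != (s, s):
                raise SortError("=_%s applied to sorts %s and %s" % (s, s1, s2))
            return ("=", s, t1, t2), "bool"
        if tok in env:                                    # variable of known sort
            return tok, env[tok]
        if tok not in self.ranks:
            raise SortError("unknown symbol %r" % tok)
        arg_sorts, result_sort = self.ranks[tok]
        args = []
        for i, expected in enumerate(arg_sorts):          # arity fixed by the rank
            arg, got = self._parse(env)
            if got != expected:
                raise SortError("%s: argument %d has sort %s, expected %s"
                                % (tok, i + 1, got, expected))
            args.append(arg)
        tree: Tree = (tok, *args) if args else tok
        return tree, result_sort


def well_sorted(tokens: List[str], free_vars: Dict[str, str] = None) -> bool:
    """True iff the token list is a term or formula of the stack language."""
    try:
        PrefixParser(STACK_RANKS, free_vars).parse(tokens)
        return True
    except SortError:
        return False
```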


10.2.2 Free Generation of Terms and Formulae 


As in Subsections 5.2.2 and 5.2.3, it is possible to show that terms and for- 
mulae are freely generated. This is left as an exercise for the reader. 


Theorem 10.2.1 The many-sorted algebra T(L, V) is freely generated by 
the family V. 


As a consequence, the family $TERM_s$ of many-sorted terms is freely 
generated by the set of constants and variables as atoms and the functions 
$C_f$, and the set of L-formulae is freely generated by the atomic formulae as 
atoms and the functions $C_X$ (X a logical connective), $A_i^s$ and $E_i^s$. 


Remarks: 


(1) Instead of defining terms and atomic formulae in prefix notation, one 
can define them as follows (using parentheses): 


The second clause of definition 10.2.2 is changed to: For every function 
symbol f of rank $(u_1 \ldots u_n, s)$ and any terms $t_1, \ldots, t_n$, with each $t_i$ of sort $u_i$, 
$f(t_1, \ldots, t_n)$ is a term of sort s. Also, atomic formulae are defined as follows: 


For every predicate symbol P of arity $u_1 \ldots u_n$, for any terms $t_1, \ldots, t_n$, 
with each $t_i$ of sort $u_i$, $P(t_1, \ldots, t_n)$ is an atomic formula; For any terms $t_1$ 
and $t_2$ of sort s, $(t_1 =_s t_2)$ is an atomic formula. 


We will also use the notation $\forall x : sA$ and $\exists x : sA$, instead of $\forall_s xA$ and 
$\exists_s xA$. 


One can still show that the terms and formulae are freely generated. 
In the sequel, we shall use either notation. For simplicity, we shall also fre- 
quently use $=$ instead of $=_s$, and omit parentheses whenever possible, using 
the conventions adopted in Chapter 5. 


(2) The many-sorted algebra T(L, V) is free on the set of variables V 
(as defined in Section 2.5), and is isomorphic to the tree algebra $T_L(V)$ (in 
$T_L(V)$, the term $A_i^s(A)$ is used instead of $\forall x_i : sA$, and $E_i^s(A)$ instead of 
$\exists x_i : sA$). 


10.2.3 Free and Bound Variables, Substitutions 


The definitions of free and bound variables, substitution, and term free for a 
variable in a formula given in Chapter 5 extend immediately to the many- 
sorted case. The only difference is that in a substitution $s[t/x]$ or $A[t/x]$ of a 
term t for a variable x, the sort of the term t must be equal to the sort of the 
variable x. 
PROBLEMS 


10.2.1. Prove theorem 10.2.1. 


10.2.2. Examine carefully how the definitions of Section 5.2 generalize to the 
many-sorted case (free and bound variables, substitutions, etc.). 


10.2.3. Give a context-free grammar describing many-sorted terms and many- 
sorted formulae, as in problem 5.2.8. 


10.2.4. Generalize the results of problems 5.2.3 to 5.2.7 to the many-sorted 
case. 


10.3 Semantics of Many-Sorted First-Order Languages 


First, we need to define many-sorted first-order structures. 


10.3.1 Many-Sorted First-Order Structures 


Given a many-sorted first-order language L, the semantics of formulae is de- 
fined as in Section 5.3, but using the concept of a many-sorted algebra rather 
than the concept of a (one-sorted) structure. 


Recall from definition 10.2.1 that the nonlogical part L of a many-sorted 
first-order language is an (S U {bool})-sorted ranked alphabet. 


Definition 10.3.1 Given a many-sorted first-order language L, a many- 
sorted L-structure M, (for short, a structure) is a many-sorted L-algebra as 
defined in Section 2.5.2, such that the carrier of sort bool is the set BOOL = 
{T,F}. 


Recall that the carrier of sort s is nonempty and is denoted by $M_s$. 
Every function symbol f of rank $(u_1 \ldots u_n, s)$ is interpreted as a function $f_M : 
M^u \to M_s$, with $M^u = M_{u_1} \times \ldots \times M_{u_n}$, $u = u_1 \ldots u_n$, each constant c of sort 
s is interpreted as an element $c_M$ in $M_s$, and each predicate P of arity $u_1 \ldots u_n$ 
is interpreted as a function $P_M : M^u \to BOOL$. 


10.3.2 Semantics of Formulae 


We now wish to define the semantics of formulae by generalizing the definition 
given in Section 5.3. 


Definition 10.3.2 Given a first-order many-sorted language L and an L- 
structure M, an assignment of sort s is any function $v_s : V_s \to M_s$ from the 
set of variables $V_s$ to the domain $M_s$. The family of all such functions is de- 
noted as $[V_s \to M_s]$. An assignment v is any S-indexed family of assignments 
of sort s. The set of all assignments is denoted by $[V \to M]$. 
As in Chapter 5, the meaning of a formula is defined recursively using 
theorem 2.5.1. In order to apply theorem 2.5.1, it is necessary to define a 
many-sorted algebra $\widehat{M}$. For this, the next two definitions are needed. 


Definition 10.3.3 For all $i \geq 0$, for every sort s, the functions $(A_i^s)_M$ and 
$(E_i^s)_M$ (of rank (bool, bool)) from $[[V \to M] \to BOOL]$ to $[[V \to M] \to 
BOOL]$ are defined as follows: For every function f in $[[V \to M] \to BOOL]$, 
$(A_i^s)_M(f)$ is the function such that: For every assignment v in $[V \to M]$, 


$(A_i^s)_M(f)(v) = F$ iff $f(v[x_i := a]) = F$ for some $a \in M_s$; 


The function $(E_i^s)_M(f)$ is the function such that: For every assignment 
v in $[V \to M]$, 


$(E_i^s)_M(f)(v) = T$ iff $f(v[x_i := a]) = T$ for some $a \in M_s$. 


Note that $(A_i^s)_M(f)(v) = T$ iff the function $g_v : M_s \to BOOL$ such 
that $g_v(a) = f(v[x_i := a])$ for all $a \in M_s$, is the constant function whose value 
is T, and that $(E_i^s)_M(f)(v) = F$ iff the function $g_v : M_s \to BOOL$ defined 
above is the constant function whose value is F. 


Definition 10.3.4 Given any L-structure M, the many-sorted algebra $\widehat{M}$ 
is defined as follows. For each sort $s \in S$, the carrier $\widehat{M}_s$ is the set $[[V \to 
M] \to M_s]$, and the carrier $\widehat{M}_{bool}$ is the set $[[V \to M] \to BOOL]$. The 
functions $\wedge_{\widehat{M}}$, $\vee_{\widehat{M}}$, $\supset_{\widehat{M}}$ and $\equiv_{\widehat{M}}$ of rank (bool.bool, bool) from $\widehat{M}_{bool} \times \widehat{M}_{bool}$ 
to $\widehat{M}_{bool}$, and the function $\neg_{\widehat{M}}$ of rank (bool, bool) from $\widehat{M}_{bool}$ to $\widehat{M}_{bool}$ are 
defined as follows: For every two functions f, g in $\widehat{M}_{bool}$, for every assignment 
v in $[V \to M]$, 


$\wedge_{\widehat{M}}(f, g)(v) = H_\wedge(f(v), g(v))$; 
$\vee_{\widehat{M}}(f, g)(v) = H_\vee(f(v), g(v))$; 
$\supset_{\widehat{M}}(f, g)(v) = H_\supset(f(v), g(v))$; 
$\equiv_{\widehat{M}}(f, g)(v) = H_\equiv(f(v), g(v))$; 


$\neg_{\widehat{M}}(f)(v) = H_\neg(f(v))$. 


For every function symbol f of rank (u, s), every predicate symbol P of 
rank (u, bool), and every constant symbol c, the functions $f_{\widehat{M}} : \widehat{M}^u \to \widehat{M}_s$, 
$P_{\widehat{M}} : \widehat{M}^u \to \widehat{M}_{bool}$, and the function $c_{\widehat{M}} \in \widehat{M}_s$ are defined as follows. For 
any $(g_1, \ldots, g_n) \in \widehat{M}^u$, $(n = |u|)$, for any assignment v in $[V \to M]$, 

$f_{\widehat{M}}(g_1, \ldots, g_n)(v) = f_M(g_1(v), \ldots, g_n(v))$; 

$P_{\widehat{M}}(g_1, \ldots, g_n)(v) = P_M(g_1(v), \ldots, g_n(v))$; 

$c_{\widehat{M}}(v) = c_M$. 

For every variable x of sort s, we also define $x_{\widehat{M}} \in \widehat{M}_s$ as the function 
such that for every assignment v, $x_{\widehat{M}}(v) = v_s(x)$. Let $\varphi : V \to \widehat{M}$ be the 
function defined such that $\varphi(x) = x_{\widehat{M}}$. Since T(L, V) is freely generated 
by V, by theorem 2.5.1, there is a unique homomorphism $\widehat{\varphi} : T(L, V) \to \widehat{M}$ 
extending $\varphi$. We define the meaning $t_M$ of a term t as $\widehat{\varphi}(t)$, and the meaning 
$A_M$ of a formula A as $\widehat{\varphi}(A)$. The explicit recursive definitions follow. 
Definition 10.3.5 Given a many-sorted L-structure M and an assignment 
$v : V \to M$, the function $t_M : [V \to M] \to M_s$ defined by a term t of sort s is 
the function such that for every assignment v in $[V \to M]$, the value $t_M[v]$ 
is defined recursively as follows: 

(i) $x_M[v] = v_s(x)$, for a variable x of sort s; 

(ii) $c_M[v] = c_M$, for a constant c; 

(iii) $(f t_1 \ldots t_n)_M[v] = f_M((t_1)_M[v], \ldots, (t_n)_M[v])$. 

The recursive definition of the function $A_M : [V \to M] \to BOOL$ is 
now given. 


Definition 10.3.6 The function $A_M : [V \to M] \to BOOL$ is defined recur- 
sively by the following clauses: 

(1) For atomic formulae: $A_M$ is the function such that, for every assign- 
ment v, 

$(P t_1 \ldots t_n)_M[v] = P_M((t_1)_M[v], \ldots, (t_n)_M[v])$; 

$(=_s t_1 t_2)_M[v] = $ if $(t_1)_M[v] = (t_2)_M[v]$ then T else F; 

$(\bot)_M[v] = F$; 

(2) For nonatomic formulae: 

$(A * B)_M = *_M(A_M, B_M)$, where $*$ is in $\{\wedge, \vee, \supset, \equiv\}$, and $*_M$ is the 
corresponding function defined in definition 10.3.4; 

$(\neg A)_M = \neg_M(A_M)$; 

$(\forall x_i : sA)_M = (A_i^s)_M(A_M)$; 
$(\exists x_i : sA)_M = (E_i^s)_M(A_M)$. 

Note that by definitions 10.3.3, 10.3.4, 10.3.5, and 10.3.6, for every as- 
signment v, 

$(\forall x_i : sA)_M[v] = T$ iff $A_M[v[x_i := m]] = T$, for all $m \in M_s$, and 
$(\exists x_i : sA)_M[v] = T$ iff $A_M[v[x_i := m]] = T$, for some $m \in M_s$. 




The notions of satisfaction, validity, and model are defined as in Sub- 
section 5.3.3. As in Subsection 5.3.4, it is also possible to define the semantics 
of formulae using modified formulae obtained by substitution. 


10.3.3 An Alternate Semantics 
The following result analogous to lemma 5.3.2 can be shown. 
Lemma 10.3.1 For any formula B, for any assignment v in $[V \to M]$, and 
any variable $x_i$ of sort s, the following hold: 
(1) $(\forall x_i : sB)_M[v] = T$ iff $(B[m/x_i])_M[v] = T$ for all $m \in M_s$; 
(2) $(\exists x_i : sB)_M[v] = T$ iff $(B[m/x_i])_M[v] = T$ for some $m \in M_s$. 
In view of lemma 10.3.1, the recursive clauses of the definition of satis- 
faction can also be stated more informally as follows: 


$M \models (\neg A)[v]$ iff not $M \models A[v]$, 
$M \models (A \wedge B)[v]$ iff $M \models A[v]$ and $M \models B[v]$, 
$M \models (A \vee B)[v]$ iff $M \models A[v]$ or $M \models B[v]$, 
$M \models (A \supset B)[v]$ iff not $M \models A[v]$ or $M \models B[v]$, 
$M \models (A \equiv B)[v]$ iff ($M \models A[v]$ iff $M \models B[v]$), 
$M \models (\forall x_i : sA)[v]$ iff $M \models (A[a/x_i])[v]$ for every $a \in M_s$, 
$M \models (\exists x_i : sA)[v]$ iff $M \models (A[a/x_i])[v]$ for some $a \in M_s$. 


It is also easy to show that the semantics of a formula A only depends 
on the set FV(A) of variables free in A. 


10.3.4 Semantics and Free Variables 
The following lemma holds. 
Lemma 10.3.2 Given a formula A with set of free variables $\{y_1, \ldots, y_n\}$, 
for any two assignments $s_1, s_2$ such that $s_1(y_i) = s_2(y_i)$, for $1 \leq i \leq n$, 
$A_M[s_1] = A_M[s_2]$. 


10.3.5 Subformulae and Rectified Formulae 


Subformulae and rectified formulae are defined as in Subsection 5.3.6, and 
lemma 5.3.4 can be generalized easily. Similarly, the results of the rest of 
Section 5.3 can be generalized to many-sorted logic. The details are left as 
exercises. 


PROBLEMS 


10.3.1. Prove lemma 10.3.1. 
10.3.2. Prove lemma 10.3.2. 
10.3.3. Generalize lemma 5.3.4 to the many-sorted case. 


10.3.4. Examine the generalization of the other results of Section 5.3 to the 
many-sorted case. 


10.4 Proof Theory of Many-Sorted Languages 


The system G defined in Section 5.4 is extended to the many-sorted case as 
follows. 
10.4.1 Gentzen System G for Many-Sorted Languages 
Without Equality 


We first consider the case of a many-sorted first-order language L without 
equality. 


Definition 10.4.1 (Gentzen system G for languages without equality) The 
symbols $\Gamma, \Delta, \Lambda$ will be used to denote arbitrary sequences of formulae and 
A, B to denote formulae. The rules of the sequent calculus G are the following: 


$\frac{\Gamma, A, B, \Delta \to \Lambda}{\Gamma, A \wedge B, \Delta \to \Lambda}$ ($\wedge$: left) 
$\frac{\Gamma \to \Delta, A, \Lambda \qquad \Gamma \to \Delta, B, \Lambda}{\Gamma \to \Delta, A \wedge B, \Lambda}$ ($\wedge$: right) 

$\frac{\Gamma, A, \Delta \to \Lambda \qquad \Gamma, B, \Delta \to \Lambda}{\Gamma, A \vee B, \Delta \to \Lambda}$ ($\vee$: left) 
$\frac{\Gamma \to \Delta, A, B, \Lambda}{\Gamma \to \Delta, A \vee B, \Lambda}$ ($\vee$: right) 

$\frac{\Gamma, \Delta \to A, \Lambda \qquad \Gamma, B, \Delta \to \Lambda}{\Gamma, A \supset B, \Delta \to \Lambda}$ ($\supset$: left) 
$\frac{\Gamma, A \to \Delta, B, \Lambda}{\Gamma \to \Delta, A \supset B, \Lambda}$ ($\supset$: right) 

$\frac{\Gamma, \Delta \to A, \Lambda}{\Gamma, \neg A, \Delta \to \Lambda}$ ($\neg$: left) 
$\frac{\Gamma, A \to \Delta, \Lambda}{\Gamma \to \Delta, \neg A, \Lambda}$ ($\neg$: right) 

$\frac{\Gamma, A, B, \Delta \to \Lambda \qquad \Gamma, \Delta \to A, B, \Lambda}{\Gamma, A \equiv B, \Delta \to \Lambda}$ ($\equiv$: left) 
$\frac{\Gamma, A \to \Delta, B, \Lambda \qquad \Gamma, B \to \Delta, A, \Lambda}{\Gamma \to \Delta, A \equiv B, \Lambda}$ ($\equiv$: right) 


In the quantifier rules below, x is any variable of sort s and y is any 
variable of sort s free for x in A and not free in A, unless $y = x$ ($y \notin 
FV(A) - \{x\}$). The term t is any term of sort s free for x in A. 


$\frac{\Gamma, A[t/x], \forall x : sA, \Delta \to \Lambda}{\Gamma, \forall x : sA, \Delta \to \Lambda}$ ($\forall$: left) 
$\frac{\Gamma \to \Delta, A[y/x], \Lambda}{\Gamma \to \Delta, \forall x : sA, \Lambda}$ ($\forall$: right) 


$\frac{\Gamma, A[y/x], \Delta \to \Lambda}{\Gamma, \exists x : sA, \Delta \to \Lambda}$ ($\exists$: left) 
$\frac{\Gamma \to \Delta, A[t/x], \exists x : sA, \Lambda}{\Gamma \to \Delta, \exists x : sA, \Lambda}$ ($\exists$: right) 


Note that in both the ($\forall$: right)-rule and the ($\exists$: left)-rule, the variable 
y does not occur free in the lower sequent. In these rules, the variable y is 
called the eigenvariable of the inference. The condition that the eigenvariable 
does not occur free in the conclusion of the rule is called the eigenvariable 
condition. The formula $\forall x : sA$ (or $\exists x : sA$) is called the principal formula 
of the inference, and the formula $A[t/x]$ (or $A[y/x]$) the side formula of the 
inference. 


The axioms of G are all sequents $\Gamma \to \Delta$ such that $\Gamma$ and $\Delta$ contain a 
common formula. 


10.4.2 Deduction Trees for the System G 


Deduction trees and proof trees are defined as in Subsection 5.4.2. 


10.4.3 Soundness of the System G 


The soundness of the system G is obtained easily from the proofs given in 
Subsection 5.4.3. 


Lemma 10.4.1 (Soundness of G, many-sorted case) Every sequent provable 
in G is valid. 


10.4.4 Completeness of G 


It is also possible to prove the completeness of the system G by adapting the 
definitions and proofs given in Sections 5.4 and 5.5 to the many-sorted case. 
For this it is necessary to modify the definition of a Hintikka set so that it 
applies to a many-sorted algebra. We only state the result, leaving the proof 
as a sequence of problems. 


Theorem 10.4.1 (Gödel's extended completeness theorem for G) A sequent 
(even infinite) is valid iff it is G-provable. 


10.5 Many-Sorted First-Order Logic With Equality 


The equality rules for many-sorted languages with equality are defined as 
follows. 


10.5.1 Gentzen System $G_=$ for Languages With Equality 


Let $G_=$ be the Gentzen system obtained from the Gentzen system G (defined 
in definition 10.4.1) by adding the following rules. 


Definition 10.5.1 (Equality rules for $G_=$) Let $\Gamma, \Delta, \Lambda$ denote arbitrary se- 
quences of formulae (possibly empty) and let $t, s_1, \ldots, s_n, t_1, \ldots, t_n$ denote ar- 
bitrary L-terms. For every sort s, for every term t of sort s: 


$\frac{\Gamma, t =_s t \to \Delta}{\Gamma \to \Delta}$ 


For each function symbol f of rank $(u_1 \ldots u_n, s)$ and any terms $s_1, \ldots, s_n$, 
$t_1, \ldots, t_n$ such that $s_i$ and $t_i$ are of sort $u_i$: 


$\frac{\Gamma, (s_1 =_{u_1} t_1) \wedge \ldots \wedge (s_n =_{u_n} t_n) \supset (f s_1 \ldots s_n =_s f t_1 \ldots t_n) \to \Delta}{\Gamma \to \Delta}$ 

For each predicate symbol P (including $=_s$) of arity $u_1 \ldots u_n$ and any 
terms $s_1, \ldots, s_n, t_1, \ldots, t_n$ such that $s_i$ and $t_i$ are of sort $u_i$: 


$\frac{\Gamma, ((s_1 =_{u_1} t_1) \wedge \ldots \wedge (s_n =_{u_n} t_n) \wedge P s_1 \ldots s_n) \supset P t_1 \ldots t_n \to \Delta}{\Gamma \to \Delta}$ 
10.5.2 Soundness of the System $G_=$ 


The following lemma is easily shown. 


Lemma 10.5.1 If a sequent is $G_=$-provable then it is valid. 


10.5.3 Completeness of the System $G_=$ 


It is not difficult to adapt the proofs of Section 5.6 to obtain the following 
completeness theorem. 


Theorem 10.5.1 (Gödel's extended completeness theorem for $G_=$) Let L 
be a many-sorted first-order language with equality. A sequent (even infinite) 
is valid iff it is $G_=$-provable. 


10.5.4 Reduction of Many-Sorted Logic to One-Sorted 
Logic 


Although many-sorted first-order logic is very convenient, it is not an essential 
extension of standard one-sorted first-order logic, in the sense that there is a 
translation of many-sorted logic into one-sorted logic. Such a translation is 
described in Enderton, 1972, and the reader is referred to it for details. The 
essential idea to convert a many-sorted language L into a one-sorted language 
L’ is to add domain predicate symbols D,, one for each sort, and to modify 
quantified formulae recursively as follows: 


Every formula A of the form $\forall x : sB$ (or $\exists x : sB$) is converted to the 
formula $A' = \forall x(D_s(x) \supset B')$ ($\exists x : sB$ is converted to $\exists x(D_s(x) \wedge B')$), where 
$B'$ is the result of converting B. 


We also define the set MS to be the set of all one-sorted formulae of the 
form: 


(1) $\exists x D_s(x)$, for every sort s, and 


(2) $\forall x_1 \ldots \forall x_n (D_{s_1}(x_1) \wedge \ldots \wedge D_{s_n}(x_n) \supset D_s(f(x_1, \ldots, x_n)))$, for every 
function symbol f of rank $(s_1 \ldots s_n, s)$. 
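The conversion just described, together with the generation of the set MS, as an added example in Python (not the book's code, and not a reproduction of Enderton's presentation). Formulae are nested tuples; naming the domain predicate of sort s "D_s", and reading clause (2) for a constant as the axiom $D_s(c)$ (empty antecedent), are assumptions of this example.

```python
# Added example, not code from the book: the translation of Subsection 10.5.4
# from a many-sorted language L to a one-sorted language L'.  Formulae are
# nested tuples: ("forall", x, s, B), ("exists", x, s, B), ("not", A),
# (op, A, B) for op in {"and", "or", "implies", "iff"}; any other tuple is an
# atomic formula and is copied unchanged.  Naming the domain predicate of
# sort s "D_s" is an assumed convention, not one the page fixes.
from typing import Dict, List, Tuple

Formula = tuple
Rank = Tuple[Tuple[str, ...], str]       # (s_1 ... s_n, s); () for a constant
CONNECTIVES = ("and", "or", "implies", "iff")


def D(sort: str) -> str:
    """Name of the domain predicate D_s for sort s (assumed naming convention)."""
    return "D_" + sort


def translate(A: Formula) -> Formula:
    """A': ∀x:sB becomes ∀x(D_s(x) ⊃ B') and ∃x:sB becomes ∃x(D_s(x) ∧ B'),
    recursively; connectives are kept and atomic formulae are unchanged."""
    op = A[0]
    if op == "forall":
        _, x, s, B = A
        return ("forall", x, ("implies", (D(s), x), translate(B)))
    if op == "exists":
        _, x, s, B = A
        return ("exists", x, ("and", (D(s), x), translate(B)))
    if op == "not":
        return ("not", translate(A[1]))
    if op in CONNECTIVES:
        return (op, translate(A[1]), translate(A[2]))
    return A                                   # atomic formula


def conjunction(parts: List[Formula]) -> Formula:
    """Left-nested conjunction A_1 ∧ ... ∧ A_n (n >= 1)."""
    result = parts[0]
    for part in parts[1:]:
        result = ("and", result, part)
    return result


def ms_axioms(sorts: List[str], ranks: Dict[str, Rank]) -> List[Formula]:
    """The set MS: (1) ∃x D_s(x) for every sort s; (2) for every function
    symbol f of rank (s_1...s_n, s), ∀x_1..∀x_n(D_s1(x_1) ∧ .. ∧ D_sn(x_n) ⊃
    D_s(f(x_1,..,x_n))).  For n = 0 the antecedent is the empty conjunction,
    so the axiom is read as D_s(c) for a constant c (an assumed reading of (2))."""
    axioms: List[Formula] = [("exists", "x", (D(s), "x")) for s in sorts]
    for f, (arg_sorts, s) in ranks.items():
        xs = ["x%d" % (i + 1) for i in range(len(arg_sorts))]
        if not xs:
            axioms.append((D(s), f))           # constant symbol: D_s(c)
            continue
        consequent = (D(s), (f, *xs))
        antecedent = conjunction([(D(si), xi) for si, xi in zip(arg_sorts, xs)])
        body: Formula = ("implies", antecedent, consequent)
        for x in reversed(xs):                 # ∀x_1 ... ∀x_n, outermost first
            body = ("forall", x, body)
        axioms.append(body)
    return axioms
```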


Then, the following lemma can be shown. 
Lemma 10.5.2 Given a many-sorted first-order language L, for every set $\Gamma$ 
of many-sorted formulae in L and for every many-sorted formula A in L, 


$\Gamma \models A$ iff 
$\Gamma' \cup MS \models A'$, in the translated one-sorted language $L'$, 


where $\Gamma'$ is the set of formulae in $\Gamma$ translated into one-sorted formulae, and 
$A'$ is the one-sorted translation of A. 


Lemma 10.5.2 can be used to transfer results from one-sorted logic to 
many-sorted logic. In particular, the compactness theorem, model existence 
theorem, and Löwenheim-Skolem theorem hold in many-sorted first-order 
logic. 


PROBLEMS 


10.4.1. Prove lemma 10.4.1. 


10.4.2. Define many-sorted Hintikka sets for languages without equality, and 
prove lemma 5.4.5 for the many-sorted case. 


10.4.3. Prove the completeness theorem (theorem 10.4.1) for many-sorted 
logic without equality. 


10.5.1. Prove lemma 10.5.1. 


10.5.2. Generalize the other theorems of Section 5.5 to the many-sorted case 
(compactness, model existence, Löwenheim-Skolem). 


10.5.3. Define many-sorted Hintikka sets for languages with equality, and 
prove lemma 5.6.1 for the many-sorted case. 


10.5.3. Prove the completeness theorem (theorem 10.5.1) for many-sorted 
logic with equality. 


10.5.4. Generalize the other theorems of Section 5.6 to the many-sorted case 
(compactness, model existence, Löwenheim-Skolem). 


10.5.5. Prove lemma 10.5.2. 


10.6 Decision Procedures Based on Congruence Closure 


In this section, we show that there is an algorithm for deciding whether a 
quantifier-free formula without predicate symbols in a many-sorted language 
with equality is valid, using a method due to Kozen (Kozen, 1976, 1977) and 
Nelson and Oppen (Nelson and Oppen, 1980). Then, we show how this algo- 
rithm can easily be extended to deal with arbitrary quantifier-free formulae 
in a many-sorted language with equality. 
10.6.1 Decision Procedure for Quantifier-free Formulae 
Without Predicate Symbols 


First, we state the following lemma whose proof is left as an exercise. 


Lemma 10.6.1 Given any quantifier-free formula A in a many-sorted first- 
order language L, a formula B in disjunctive normal form such that $A \equiv B$ 
is valid can be constructed. 


Using lemma 10.6.1, observe that a quantifier-free formula A is valid iff 
the disjunctive normal form B of $\neg A$ is unsatisfiable. But a formula $B = 
C_1 \vee \ldots \vee C_k$ in disjunctive normal form is unsatisfiable iff every disjunct $C_i$ 
is unsatisfiable. Hence, in order to have an algorithm for deciding validity 
of quantifier-free formulae, it is enough to have an algorithm for deciding 
whether a conjunction of literals is unsatisfiable. 


If the language L has no equality symbols, the problem is trivial since 
a conjunction of literals is unsatisfiable iff it contains some atomic formula 
$P t_1 \ldots t_n$ and its negation. Otherwise, we follow a method due to Kozen 
(Kozen, 1976, 1977) and Nelson and Oppen (Nelson and Oppen, 1980). First, 
we assume that the language L does not have predicate symbols. Then, every 
conjunct C consists of equations and of negations of equations: 


$t_1 =_{s_1} u_1 \wedge \ldots \wedge t_m =_{s_m} u_m \wedge \neg r_1 =_{s'_1} v_1 \wedge \ldots \wedge \neg r_n =_{s'_n} v_n$ 


We give a method inspired from Kozen and Nelson and Oppen for de- 
ciding whether a conjunction C' as above is unsatisfiable. For this, we define 
the concept of a congruence on a graph. 


10.6.2 Congruence Closure on a Graph 


First, we define the notion of a labeled graph. We are considering graphs in 
which for every node u, the set of immediate successors is ordered. Also, every 
node is labeled with a function symbol from a many-sorted ranked alphabet, 
and the labeling satisfies a condition similar to the condition imposed on 
many-sorted terms. 

Definition 10.6.1 A finite labeled graph G is a quadruple $(V, \Sigma, \lambda, \delta)$, where: 
V is an S-indexed family of finite sets $V_s$ of nodes (or vertices); 


$\Sigma$ is an S-sorted ranked alphabet; 


$\lambda : V \to \Sigma$ is a labeling function assigning a symbol $\lambda(v)$ in $\Sigma$ to every 
node v in V; 


$\delta : \{(v, i) \mid v \in V, 1 \leq i \leq n, r(\lambda(v)) = (u_1 \ldots u_n, s)\} \to V$, 


is a function called the successor function. 
The functions $\lambda$ and $\delta$ also satisfy the following properties: For every 
node v in $V_s$, the rank of the symbol $\lambda(v)$ labeling v is of the form $(u_1 \ldots u_n, s)$, 
and for every node $\delta(v, i)$, the sort of the symbol $\lambda(\delta(v, i))$ labeling $\delta(v, i)$ is 
equal to $u_i$. 


For every node v, $\delta(v, i)$ is called the i-th successor of v, and is also 
denoted as $v[i]$. Note that for a node v such that $r(\lambda(v)) = (e, s)$, $\delta$ is not 
defined. Such a node is called a terminal node, or leaf. Given a node u, the 
set $P_u$ of predecessors of u is the set $\{v \in V \mid \delta(v, i) = u, \text{ for some } i\}$. A 
node u such that $P_u = \emptyset$ is called an initial node, or root. A pair (v, i) as in 
the definition of $\delta$ is also called an edge. 


Next, we define a certain kind of equivalence relation on a graph called 
a congruence. A congruence is an equivalence relation closed under a certain 
form of implication. 


Definition 10.6.2 Given a (finite) graph $G = (V, \Sigma, \lambda, \delta)$, an S-indexed 
family R of relations $R_s$ over $V_s$ is a G-congruence (for short, a congruence) 
iff: 


(1) For every sort $s \in S$, $R_s$ is an equivalence relation on $V_s$; 


(2) For every pair (u, v) of nodes in $V^2$, if $\lambda(u) = \lambda(v)$ and $r(\lambda(u)) = 
(e, s)$ then $u R_s v$, else if $\lambda(u) = \lambda(v)$, $r(\lambda(u)) = (s_1 \ldots s_n, s)$, and for every i, 
$1 \leq i \leq n$, $u[i] R_{s_i} v[i]$, then $u R_s v$. 


In particular, note that any two terminal nodes labeled with the same 
symbol of arity e are congruent. 


Graphically, if u and v are two nodes labeled with the same symbol f 
of rank $(s_1 \ldots s_n, s)$, if $u[1], \ldots, u[n]$ are the successors of u and $v[1], \ldots, v[n]$ are 
the successors of v, 

[Figure: the node u with its ordered successors u[1], ..., u[n], beside the node v with its ordered successors v[1], ..., v[n]] 

if $u[i]$ and $v[i]$ are equivalent for all i, $1 \leq i \leq n$, then u and v are also 
equivalent. Hence, we have a kind of backward closure. 

We will prove shortly that given any finite graph and S-indexed family R 
of relations on G, there is a smallest congruence on G containing R, called the 


congruence closure of R. First, we show how the congruence closure concept 
can be used to give an algorithm for deciding unsatisfiability. 


10.6.3 The Graph Associated With a Conjunction 


The key to the algorithm for deciding unsatisfiability is the computation of a 
certain congruence over a finite graph induced by C' and defined below. 
Definition 10.6.3 Given a conjunction C of the form 
$t_1 =_{s_1} u_1 \wedge \ldots \wedge t_m =_{s_m} u_m \wedge \neg r_1 =_{s'_1} v_1 \wedge \ldots \wedge \neg r_n =_{s'_n} v_n$, 


let TERM(C) be the set of all subterms of terms occurring in the conjunction 
C, including the terms $t_i, u_i, r_j, v_j$ themselves. Let S(C) be the set of sorts 
of all terms in TERM(C). For every sort s in S(C), let $TERM(C)_s$ be the 
set of all terms of sort s in TERM(C). Note that by definition, each set 
$TERM(C)_s$ is nonempty. Let $\Sigma$ be the S(C)-ranked alphabet consisting of 
all constants, function symbols, and variables occurring in TERM(C). The 
graph $G(C) = (TERM(C), \Sigma, \lambda, \delta)$ is defined as follows: 

For every node t in TERM(C), if t is either a variable or a constant 
then $\lambda(t) = t$, else t is of the form $f y_1 \ldots y_k$ and $\lambda(t) = f$; 


For every node t in TERM(C), if t is of the form $f y_1 \ldots y_k$, then for every 
i, $1 \leq i \leq k$, $\delta(t, i) = y_i$, else t is a constant or a variable and it is a terminal 
node of G(C). 


Finally, let $E = \{(t_1, u_1), \ldots, (t_m, u_m)\}$ be the set of pairs of terms oc- 
curring in the positive (nonnegated) equations in the conjunction C. 


EXAMPLE 10.6.1 


Consider the alphabet in which $S = \{i, s\}$, $\Sigma = \{f, g, a, b, c\}$, with $r(f) = 
(is, s)$, $r(g) = (si, s)$, $r(a) = i$, $r(b) = r(c) = s$. Let C be the conjunction 


$f(a, b) = c \wedge \neg g(f(a, b), a) = g(c, a)$. 
Then, $TERM(C)_i = \{a\}$, $TERM(C)_s = \{b, c, f(a, b), g(c, a), g(f(a, b), 
a)\}$, and $E = \{(f(a, b), c)\}$. The graph G(C) is the following: 


[Figure: the graph G(C), with two roots labeled g (for g(f(a,b),a) and g(c,a)), a node labeled f (for f(a,b)) and the leaves a, b, c] 

The key to the decision procedure is that the least congruence on G(C) 
containing E exists, and that there is an algorithm for computing it. Indeed, 
assume that this least congruence $\leftrightarrow^*_E$ containing E (called the congruence 
closure of E) exists and has been computed. Then, we have the following 
result. 


Lemma 10.6.2 Given a conjunction C of the form 


$t_1 =_{s_1} u_1 \wedge \ldots \wedge t_m =_{s_m} u_m \wedge \neg r_1 =_{s'_1} v_1 \wedge \ldots \wedge \neg r_n =_{s'_n} v_n$ 
of equations and negations of equations, if $\leftrightarrow^*_E$ is the congruence closure 
on G(C) of the relation $E = \{(t_1, u_1), \ldots, (t_m, u_m)\}$, then 


C is unsatisfiable iff for some j, $1 \leq j \leq n$, $r_j \leftrightarrow^*_E v_j$. 


Proof: Let $\mathcal{E} = \{t_1 =_{s_1} u_1, \ldots, t_m =_{s_m} u_m\}$. First, we prove that the 
S(C)-indexed family R of relations $R_s$ on TERM(C) defined such that 


$t R_s u$ iff $\mathcal{E} \models t =_s u$, 


is a congruence on G(C) containing E. It is obvious that 


$\mathcal{E} \models t_i =_{s_i} u_i$ 
for every $(t_i, u_i)$ in E, $1 \leq i \leq m$, and so 
$t_i R_{s_i} u_i$. 


For every two subterms of the form $f y_1 \ldots y_k$ and $f z_1 \ldots z_k$ such that f is of 
rank $(w_1 \ldots w_k, s)$, if for every i, $1 \leq i \leq k$, 


$\mathcal{E} \models y_i =_{w_i} z_i$ 


then by the definition of the semantics of equality, 


$\mathcal{E} \models f y_1 \ldots y_k =_s f z_1 \ldots z_k$. 


Hence, R is a congruence on G(C) containing E. Since $\leftrightarrow^*_E$ is the least 
congruence on G(C) containing E, 


if $r_j \leftrightarrow^*_E v_j$, then $r_j R_{s'_j} v_j$. 


But then, since any model satisfying C satisfies $\mathcal{E}$, both $r_j =_{s'_j} v_j$ and $\neg r_j =_{s'_j} 
v_j$ would be satisfied, a contradiction. We conclude that if for some j, $1 \leq 
j \leq n$, 

$r_j \leftrightarrow^*_E v_j$, 
then C is unsatisfiable. Conversely, assuming that there is no j, $1 \leq j \leq n$, 
such that 

$r_j \leftrightarrow^*_E v_j$, 
we shall construct a model M of C. First, we make the S(C)-indexed family 
TERM(C) into a many-sorted $\Sigma$-algebra $\mathbf{C}$ as follows: 


For each sort s in S(C), each constant or variable t of sort s is interpreted 
as the term t itself. 
For every function symbol f in $\Sigma$ of rank $(w_1 \ldots w_k, s)$, for every k terms 
$y_1, \ldots, y_k$ in TERM(C), each $y_i$ being of sort $w_i$, $1 \leq i \leq k$, 


$f_{\mathbf{C}}(y_1, \ldots, y_k) = f y_1 \ldots y_k$ if $f y_1 \ldots y_k \in TERM(C)_s$; 

$f_{\mathbf{C}}(y_1, \ldots, y_k) = f z_1 \ldots z_k$ if $f y_1 \ldots y_k \notin TERM(C)_s$ and there are terms 
$z_1, \ldots, z_k$ such that $y_i \leftrightarrow^*_E z_i$, and 
$f z_1 \ldots z_k \in TERM(C)_s$; 

$f_{\mathbf{C}}(y_1, \ldots, y_k) = t_0$ otherwise, where $t_0$ is some arbitrary term 
chosen in $TERM(C)_s$. 


Next, we prove that $\leftrightarrow^*_E$ is a congruence on $\mathbf{C}$. Indeed, for ev- 
ery function symbol f in $\Sigma$ of rank $(w_1 \ldots w_k, s)$, for every k pairs of terms 
$(y_1, z_1), \ldots, (y_k, z_k)$, with $y_i, z_i$ of sort $w_i$, $1 \leq i \leq k$, if $y_i \leftrightarrow^*_E z_i$, then: 


(1) If $f y_1 \ldots y_k$ and $f z_1 \ldots z_k$ are both in TERM(C), then 
$f_{\mathbf{C}}(y_1, \ldots, y_k) = f y_1 \ldots y_k$, and $f_{\mathbf{C}}(z_1, \ldots, z_k) = f z_1 \ldots z_k$, 


and since $\leftrightarrow^*_E$ is a congruence on G(C), we have $f y_1 \ldots y_k \leftrightarrow^*_E f z_1 \ldots z_k$. 
Hence, $f_{\mathbf{C}}(y_1, \ldots, y_k) \leftrightarrow^*_E f_{\mathbf{C}}(z_1, \ldots, z_k)$; 


(2) $f y_1 \ldots y_k \notin TERM(C)$ or $f z_1 \ldots z_k \notin TERM(C)$, but there are 
some terms $z'_1, \ldots, z'_k \in TERM(C)$ such that $y_i \leftrightarrow^*_E z'_i$ and $f z'_1 \ldots z'_k \in 
TERM(C)$. Since $y_i \leftrightarrow^*_E z_i$, there are also terms $z''_1, \ldots, z''_k \in TERM(C)$ 
such that $z_i \leftrightarrow^*_E z''_i$ and $f z''_1 \ldots z''_k \in TERM(C)$. Then, 


$f_{\mathbf{C}}(y_1, \ldots, y_k) = f z'_1 \ldots z'_k$ and $f_{\mathbf{C}}(z_1, \ldots, z_k) = f z''_1 \ldots z''_k$. 


Since $y_i \leftrightarrow^*_E z_i$, we have $z'_i \leftrightarrow^*_E z''_i$, 


and so, $f z'_1 \ldots z'_k \leftrightarrow^*_E f z''_1 \ldots z''_k$, 


that is, 


$f_{\mathbf{C}}(y_1, \ldots, y_k) \leftrightarrow^*_E f_{\mathbf{C}}(z_1, \ldots, z_k)$; 

(3) If neither $f y_1 \ldots y_k$ nor $f z_1 \ldots z_k$ is in TERM(C) and (2) does not 
hold, then 
$f_{\mathbf{C}}(y_1, \ldots, y_k) = f_{\mathbf{C}}(z_1, \ldots, z_k) = t_0$ 
for some chosen term $t_0$ in TERM(C), and we conclude using the reflexivity 
of $\leftrightarrow^*_E$. 


Let M be the quotient of the algebra $\mathbf{C}$ by the congruence $\leftrightarrow^*_E$, as 
defined in Subsection 2.5.8. Let v be the assignment defined as follows: For 
every variable x occurring in some term in TERM(C), v(x) is the congruence 
class [x] of x. 


We claim that for every term t in TERM(C), $t_M[v]$ is 
the congruence class of t. This is easily shown by induction and is left as an 
exercise. But then, C is satisfied by v in M. Indeed, for every $(t_i, u_i)$ in E, 


$[t_i] = [u_i]$, 


and so 
$M \models (t_i =_{s_i} u_i)[v]$, 


and for every j, $1 \leq j \leq n$, since we have assumed that the congruence classes 
$[r_j]$ and $[v_j]$ are unequal, 


$M \models (\neg r_j =_{s'_j} v_j)[v]$. 


The above lemma provides a decision procedure for quantifier-free for- 
mulae without predicate symbols. It only remains to prove that $\leftrightarrow^*_E$ exists 
and to give an algorithm for computing it. First, we give an example. 


EXAMPLE 10.6.2 


Recall the conjunction C of example 10.6.1: 
$f(a, b) = c \wedge \neg g(f(a, b), a) = g(c, a)$. 


Then, $TERM(C)_i = \{a\}$, $TERM(C)_s = \{b, c, f(a, b), g(c, a), g(f(a, b), 
a)\}$, and it is not difficult to verify that the congruence closure of the 
relation $E = \{(f(a, b), c)\}$ has the following congruence classes: $\{a\}$, $\{b\}$, 
$\{f(a, b), c\}$ and $\{g(f(a, b), a), g(c, a)\}$. A possible candidate for the al- 
gebra $\mathbf{C}$ is given by the following table: 


$f_{\mathbf{C}}$: 
$(a, b) \mapsto f(a, b)$ 
$(a, c) \mapsto b$ 
$(a, f(a, b)) \mapsto b$ 
$(a, g(c, a)) \mapsto b$ 
$(a, g(f(a, b), a)) \mapsto b$ 

$g_{\mathbf{C}}$: 
$(b, a) \mapsto b$ 
$(c, a) \mapsto g(c, a)$ 
$(f(a, b), a) \mapsto g(f(a, b), a)$ 
$(g(c, a), a) \mapsto b$ 
$(g(f(a, b), a), a) \mapsto b$ 


By lemma 10.6.2, C is unsatisfiable. 
10.6.4 Existence of the Congruence Closure 
We now prove that the congruence closure of a relation R on a finite graph G 
exists. 


Lemma 10.6.3 (Existence of the congruence closure) Given a finite graph 
$G = (V, \Sigma, \lambda, \delta)$ and a relation R on V, there is a smallest congruence $\leftrightarrow^*_R$ 
on G containing R. 


Proof: We define a sequence $R^i$ of S-indexed families of relations induc- 
tively as follows: For every sort $s \in S$, 


$R^0_s = R_s \cup \{(u, v) \in V^2 \mid \lambda(u) = \lambda(v), \text{ and } r(\lambda(u)) = (e, s)\} \cup \{(u, u) \mid u \in V\}$; 
For every sort $s \in S$, 


$R^{i+1}_s = R^i_s \cup \{(v, u) \in V^2 \mid (u, v) \in R^i_s\}$ 
$\cup \{(u, w) \in V^2 \mid \exists v \in V, (u, v) \in R^i_s \text{ and } (v, w) \in R^i_s\}$ 
$\cup \{(u, v) \in V^2 \mid \lambda(u) = \lambda(v), r(\lambda(u)) = (s_1 \ldots s_n, s),$ 
$\text{and } u[j] R^i_{s_j} v[j], 1 \leq j \leq n\}$. 


Let 
$(\leftrightarrow^*_R)_s = \bigcup_{i \geq 0} R^i_s$. 


It is easily shown by induction that every congruence on G containing 
R contains every $R^i$, and that $\leftrightarrow^*_R$ is a congruence on G. Hence, $\leftrightarrow^*_R$ is 
the least congruence on G containing R. 


Since the graph G is finite, there must exist some integer i such that 
$R^i = R^{i+1}$. Hence, the congruence closure of R is also computable. We shall 
give later a better algorithm due to Nelson and Oppen. But first, we show 
how the method of Subsection 10.6.3 can be used to give an algorithm for 
deciding the unsatisfiability of a conjunction of literals over a many-sorted 
language with equality (and function, constant, and predicate symbols). 


10.6.5 Decision Procedure for Quantifier-free Formulae 


The crucial observation that allows us to adapt the congruence closure method 
is the following: 


For any atomic formula $P t_1 \ldots t_n$, if $\top$ represents the logical constant 
always interpreted as T, then $P t_1 \ldots t_n$ is logically equivalent to $(P t_1 \ldots t_n = \top)$, 
in the sense that 

$P t_1 \ldots t_n \equiv (P t_1 \ldots t_n = \top)$ 


is valid. 
But then, this means that $=$ behaves semantically exactly as the identity 
relation on BOOL. Hence, we can treat $=$ as the equality symbol $=_{bool}$ of sort 
bool, and interpret it as the identity on BOOL. 


Hence, every conjunction C of literals is equivalent to a conjunction $C'$ of 
equations and negations of equations, such that every atomic formula $P t_1 \ldots t_n$ 
in C is replaced by the equation $P t_1 \ldots t_n = \top$, and every formula $\neg P t_1 \ldots t_n$ in 
C is replaced by $\neg(P t_1 \ldots t_n = \top)$. 
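The whole procedure of this section as an added example in Python (not the book's code, and not the Nelson-Oppen algorithm the text promises later): the graph G(C) of Subsection 10.6.3 over tuple-encoded terms, the congruence closure computed as the fixpoint of the iteration $R^0, R^1, \ldots$ of lemma 10.6.3, the unsatisfiability test of lemma 10.6.2, and the encoding of atomic formulae as equations with the constant $\top$ just described. Well-sortedness of the input terms is assumed, so sorts are not tracked; the constant is spelled "⊤" in the code.

```python
# Added example, not code from the book: the decision procedure of Section 10.6.
# Terms are nested tuples, a leaf being a string (constant or variable) and
# f t1 ... tk being ("f", t1, ..., tk); well-sortedness of the input is assumed,
# so two terms in one congruence class automatically have the same sort.
# The closure is computed by the iteration R^0, R^1, ... of Lemma 10.6.3,
# and atomic formulae are encoded as in Subsection 10.6.5 with the constant
# TOP (the page's ⊤) of sort bool.
from itertools import combinations
from typing import FrozenSet, List, Set, Tuple, Union

Term = Union[str, tuple]
Pair = Tuple[Term, Term]
TOP = "⊤"                     # constant of sort bool, always interpreted as T


def subterms(t: Term):
    """TERM(C): yields a term and every one of its subterms."""
    yield t
    if isinstance(t, tuple):
        for arg in t[1:]:
            yield from subterms(arg)


def encode_literals(eqs: List[Pair], diseqs: List[Pair], atoms: List[Term],
                    neg_atoms: List[Term]) -> Tuple[List[Pair], List[Pair]]:
    """C -> C': P t1..tn becomes the equation P t1..tn = ⊤, and ¬P t1..tn the
    negated equation ¬(P t1..tn = ⊤); P is then a function symbol into bool."""
    return eqs + [(a, TOP) for a in atoms], diseqs + [(a, TOP) for a in neg_atoms]


def graph_nodes(eqs: List[Pair], diseqs: List[Pair]) -> Set[Term]:
    """The node set TERM(C) of the graph G(C) of Definition 10.6.3.  Labels and
    successors are implicit: ("f", t1, .., tk) has label f and i-th successor
    ti, while a string is a terminal node labelled with itself."""
    nodes: Set[Term] = set()
    for left, right in eqs + diseqs:
        nodes |= set(subterms(left)) | set(subterms(right))
    return nodes


def congruence_closure(nodes: Set[Term], pairs: List[Pair]) -> Set[Pair]:
    """Least congruence on G(C) containing `pairs` (Lemma 10.6.3), computed as
    the fixpoint of R^(i+1) = R^i + symmetric + transitive + backward closure.
    Returns the relation as a set of ordered pairs."""
    # R^0: the given pairs and all reflexive pairs.  Equally labelled leaves are
    # the same string here, so they are already covered by reflexivity.
    rel: Set[Pair] = set(pairs) | {(t, t) for t in nodes}
    compound = [t for t in nodes if isinstance(t, tuple)]
    while True:
        new = set(rel)
        new |= {(v, u) for (u, v) in rel}                                  # symmetry
        new |= {(u, w) for (u, v) in rel for (v2, w) in rel if v == v2}    # transitivity
        for u, v in combinations(compound, 2):                             # backward closure
            same_label = u[0] == v[0] and len(u) == len(v)
            if same_label and all((a, b) in rel for a, b in zip(u[1:], v[1:])):
                new.add((u, v))
        if new == rel:          # R^(i+1) = R^i: the fixpoint is the closure
            return rel
        rel = new


def congruence_classes(nodes: Set[Term], pairs: List[Pair]) -> Set[FrozenSet[Term]]:
    """The partition of TERM(C) induced by the congruence closure of `pairs`."""
    rel = congruence_closure(nodes, pairs)
    return {frozenset(v for (u, v) in rel if u == t) for t in nodes}


def unsatisfiable(eqs: List[Pair], diseqs: List[Pair]) -> bool:
    """Lemmas 10.6.2 and 10.6.4: C is unsatisfiable iff some negated equation
    ¬(r_j = v_j) has r_j and v_j in the same congruence class of E."""
    rel = congruence_closure(graph_nodes(eqs, diseqs), eqs)
    return any((r, v) in rel for r, v in diseqs)


# Example 10.6.1:  f(a,b) = c  ∧  ¬ g(f(a,b),a) = g(c,a)
FAB = ("f", "a", "b")
EXAMPLE_EQS: List[Pair] = [(FAB, "c")]
EXAMPLE_DISEQS: List[Pair] = [(("g", FAB, "a"), ("g", "c", "a"))]

if __name__ == "__main__":
    print(congruence_classes(graph_nodes(EXAMPLE_EQS, EXAMPLE_DISEQS), EXAMPLE_EQS))
    print("unsatisfiable:", unsatisfiable(EXAMPLE_EQS, EXAMPLE_DISEQS))
```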

Then, as in Subsection 10.6.3, we can build the graph G(C’) associated 
with C’, treating T as a constant of sort bool, and treating every predicate 
symbol P of arity u;...uz as a function symbol of rank (uy1...uz, bool). We then 
have the following lemma generalizing lemma 10.6.2. 


Lemma 10.6.4 Let C' be the conjunction obtained from a conjunction of literals by changing literals of the form $Pt_1 \ldots t_k$ or $\lnot Pt_1 \ldots t_k$ into equations as explained above. If C' is of the form

$t_1 =_{s_1} u_1 \land \ldots \land t_m =_{s_m} u_m \land \lnot r_1 =_{s'_1} v_1 \land \ldots \land \lnot r_n =_{s'_n} v_n$

and if $\overset{*}{\longleftrightarrow}_E$ is the congruence closure on G(C) of the relation $E = \{(t_1, u_1), \ldots, (t_m, u_m)\}$, then

C' is unsatisfiable iff for some j, $1 \le j \le n$, $r_j \overset{*}{\longleftrightarrow}_E v_j$.


Proof: We define $\mathcal{E} = \{t_1 =_{s_1} u_1, \ldots, t_m =_{s_m} u_m\}$ and TERM(C) as in Subsection 10.6.3, except that S(C) also contains the sort bool, and we have a set of terms of sort bool. First, we prove that the S(C)-indexed family R of relations $R_s$ on TERM(C) defined such that

$t\, R_s\, u$ iff $\mathcal{E} \models t =_s u$,

is a congruence on G(C) containing E. For function symbols of sort $s \ne bool$, the proof is identical to the proof of lemma 10.6.2. For every two subterms of the form $Py_1 \ldots y_k$ and $Pz_1 \ldots z_k$ such that P is of rank $(w_1 \ldots w_k, bool)$, if for every i, $1 \le i \le k$,

$\mathcal{E} \models y_i =_{w_i} z_i,$

then by the definition of the semantics of equality symbols,

$\mathcal{E} \models Py_1 \ldots y_k = Pz_1 \ldots z_k.$

Hence, R is a congruence on G(C) containing E. Now there are two cases.


(i) If $r_j \overset{*}{\longleftrightarrow}_E v_j$ and the sort of $r_j$ and $v_j$ is not bool, we conclude as in the proof of lemma 10.6.2.


(ii) Otherwise, $r_j$ is some atomic formula $Py_1 \ldots y_k$ and $v_j$ is the constant $\top$. In that case,

$\mathcal{E} \models r_j.$

But then, since any model satisfying C' satisfies $\mathcal{E}$, both $r_j$ and $\lnot r_j$ would be satisfied, a contradiction. We conclude that if for some j, $1 \le j \le n$,

$r_j \overset{*}{\longleftrightarrow}_E v_j,$

then C' is unsatisfiable. Conversely, assuming that there is no j, $1 \le j \le n$, such that

$r_j \overset{*}{\longleftrightarrow}_E v_j,$

we shall construct a model M of C'. First, we make the S(C)-indexed family TERM(C) into a many-sorted $\Sigma$-algebra $\mathbf{C}$ as in the proof of lemma 10.6.2. The new case is the case of symbols of sort bool. For every predicate symbol P of rank $(w_1 \ldots w_k, bool)$, for every k terms $y_1, \ldots, y_k \in TERM(C)$, each $y_i$ being of sort $w_i$, $1 \le i \le k$,

$P_{\mathbf{C}}(y_1, \ldots, y_k) = \begin{cases} T & \text{if } Py_1 \ldots y_k \in TERM(C) \text{ and } Py_1 \ldots y_k \overset{*}{\longleftrightarrow}_E \top; \\ T & \text{if } Py_1 \ldots y_k \notin TERM(C), \text{ there are terms } z_1, \ldots, z_k \text{ such that } y_i \overset{*}{\longleftrightarrow}_E z_i,\ Pz_1 \ldots z_k \in TERM(C), \text{ and } Pz_1 \ldots z_k \overset{*}{\longleftrightarrow}_E \top; \\ F & \text{otherwise.} \end{cases}$


Next, we prove that $\overset{*}{\longleftrightarrow}_E$ is a congruence on $\mathbf{C}$. The case of symbols of sort $\ne bool$ has already been treated in the proof of lemma 10.6.2, and we only need to consider the case of predicate symbols. For every predicate symbol P of rank $(w_1 \ldots w_k, bool)$, for every k pairs of terms $(y_1, z_1), \ldots, (y_k, z_k)$, with $y_i, z_i$ of sort $w_i$, $1 \le i \le k$, if $y_i \overset{*}{\longleftrightarrow}_E z_i$, then:

(1) $Py_1 \ldots y_k \in TERM(C)$ and $Pz_1 \ldots z_k \in TERM(C)$. Since $y_i \overset{*}{\longleftrightarrow}_E z_i$ and $\overset{*}{\longleftrightarrow}_E$ is a graph congruence, we have $Py_1 \ldots y_k \overset{*}{\longleftrightarrow}_E Pz_1 \ldots z_k$. Hence, $Py_1 \ldots y_k \overset{*}{\longleftrightarrow}_E \top$ iff $Pz_1 \ldots z_k \overset{*}{\longleftrightarrow}_E \top$, that is, $P_{\mathbf{C}}(y_1, \ldots, y_k) = T$ iff $P_{\mathbf{C}}(z_1, \ldots, z_k) = T$.

(2) $Py_1 \ldots y_k \notin TERM(C)$ or $Pz_1 \ldots z_k \notin TERM(C)$. In this case, if $P_{\mathbf{C}}(y_1, \ldots, y_k) = T$, this means that there are terms $z'_1, \ldots, z'_k \in TERM(C)$ such that $y_i \overset{*}{\longleftrightarrow}_E z'_i$, $Pz'_1 \ldots z'_k \in TERM(C)$, and $Pz'_1 \ldots z'_k \overset{*}{\longleftrightarrow}_E \top$. Since $y_i \overset{*}{\longleftrightarrow}_E z_i$, we also have $z_i \overset{*}{\longleftrightarrow}_E z'_i$. Since $Pz'_1 \ldots z'_k \in TERM(C)$ and $Pz'_1 \ldots z'_k \overset{*}{\longleftrightarrow}_E \top$, we have $P_{\mathbf{C}}(z_1, \ldots, z_k) = T$. The same argument shows that if $P_{\mathbf{C}}(z_1, \ldots, z_k) = T$, then $P_{\mathbf{C}}(y_1, \ldots, y_k) = T$. Hence, we have shown that $P_{\mathbf{C}}(y_1, \ldots, y_k) = T$ iff $P_{\mathbf{C}}(z_1, \ldots, z_k) = T$.


This concludes the proof that $\overset{*}{\longleftrightarrow}_E$ is a congruence. Let M be the quotient of the algebra $\mathbf{C}$ by the congruence $\overset{*}{\longleftrightarrow}_E$, as defined in Subsection 2.5.8. Let v be the assignment defined as follows: For every variable x occurring in some term in TERM(C), v(x) is the congruence class [x] of x.


As in the proof of lemma 10.6.2, it is easily shown that for every term t in TERM(C), the value of t under v in M is the congruence class of t. But then, C' is satisfied by v in M. The case of equations not involving predicate symbols is treated as in the proof of lemma 10.6.2. Clearly, for every equation $Py_1 \ldots y_k = \top$ in C', by the definition of M, $M \models Py_1 \ldots y_k[v]$. Since we have assumed that for every negation $\lnot(Py_1 \ldots y_k = \top)$ in C', it is not the case that $Py_1 \ldots y_k \overset{*}{\longleftrightarrow}_E \top$, by the definition of M, $M \models \lnot Py_1 \ldots y_k[v]$. This concludes the proof.


The above lemma provides a decision procedure for quantifier-free for- 
mulae. 


EXAMPLE 10.6.3 


Consider the following conjunction C over a (one-sorted) first-order language:

$f(f(f(a))) = a \land f(f(f(f(f(a))))) = a \land P(a) \land \lnot P(f(a)),$

where f is a unary function symbol and P a unary predicate. First, C is converted to C':

$f(f(f(a))) = a \land f(f(f(f(f(a))))) = a \land P(a) = \top \land \lnot(P(f(a)) = \top).$

The graph G(C') corresponding to C' is the following:

(Figure: the graph G(C'). The nodes V2, V3, V4, V5, V6 are labeled f and form a chain above the node V1, labeled a; the nodes V8 and V9 are labeled P; the node V7 is labeled $\top$.)

Initially, $R = \{(V1, V4), (V1, V6), (V8, V7)\}$, and let R' be its congruence closure. Since (V1, V4) is in R, (V2, V5) is in R'. Since (V2, V5) is in R', (V3, V6) is in R'. Since both (V1, V6) and (V3, V6) are in R', (V1, V3) is in R'. Hence, (V2, V4) is in R'. So the nodes V1, V2, V3, V4, V5, V6 are all equivalent under R'. But then, since (V1, V2) is in R', (V8, V9) is in R', and since (V8, V7) is in R, (V9, V7) is in R'. Consequently, P(f(a)) is equivalent to $\top$, and C' is unsatisfiable.
10.6.6 Computing the Congruence Closure


We conclude this section by giving an algorithm due to Nelson and Oppen 
(Nelson and Oppen, 1980) for computing the congruence closure R’ of a rela- 
tion R on a graph G. This algorithm uses a procedure MERGE that, given 
a graph G, a congruence R on G, and a pair (u,v) of nodes, computes the 
congruence closure of RU {(u,v)}. An equivalence relation is represented by 
its corresponding partition; that is, the set of its equivalence classes. Two 
procedures for operating on partitions are assumed to be available: UNION 
and FIND. 


UNION(u,v) combines the equivalence classes of nodes u and v into a single class. FIND(u) returns a unique name associated with the equivalence class of node u.


The recursive procedure MERGE(R,u,v) makes use of the function 
CONGRUENT(R, u,v) that determines whether two nodes u,v are congru- 
ent. 


Definition 10.6.4 (Oppen and Nelson's congruence closure algorithm)
Function CONGRUENT

function CONGRUENT(R': congruence; u,v: node): boolean;
  var flag: boolean; i,n: integer;
begin
  if Λ(u) = Λ(v) then
    let n = |w| where r(Λ(u)) = (w, s);
    flag := true;
    for i := 1 to n do
      if FIND(u[i]) <> FIND(v[i]) then
        flag := false
      endif
    endfor;
    CONGRUENT := flag
  else
    CONGRUENT := false
  endif
end


Procedure MERGE 


procedure MERGE(var R': congruence; u,v: node);
  var X,Y: set-of-nodes; x,y: node;
begin
  if FIND(u) <> FIND(v) then
    X := the union of the sets P_x of predecessors of all
         nodes x in [u], the equivalence class of u;
    Y := the union of the sets P_y of predecessors of all
         nodes y in [v], the equivalence class of v;
    UNION(u,v);
    for each pair (x,y) such that x ∈ X and y ∈ Y do
      if FIND(x) <> FIND(y) and CONGRUENT(R', x,y)
      then
        MERGE(R', x,y)
      endif
    endfor
  endif
end


In order to compute the congruence closure R' of a relation $R = \{(u_1, v_1), \ldots, (u_n, v_n)\}$ on a graph G, we use the following algorithm, which computes R' incrementally. It is assumed that R' is a global variable.


program closure;
  var R': relation;
  function CONGRUENT(R': congruence; u,v: node): boolean;
  procedure MERGE(var R': congruence; u,v: node);
begin
  input(G, R);
  R' := Id; {the identity relation on the set V of nodes}
  for each (u_i, v_i) in R do
    MERGE(R', u_i, v_i)
  endfor
end
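The congruence closure algorithm of Definition 10.6.4 together with the decision procedure of Lemma 10.6.4 (Subsection 10.6.5), as an added Python example that is not the book's own code: terms are encoded as nested tuples (an assumption), predicate symbols become bool-valued function symbols with the constant TOP standing for $\top$, and MERGE, CONGRUENT, FIND and UNION are implemented over the term graph G(C'). It is run on Example 10.6.3 and on Problems 10.6.4 and 10.6.6 read as refutations (hypotheses plus negated conclusion).

```python
"""Nelson-Oppen congruence closure (Definition 10.6.4) used as the decision procedure
of Lemma 10.6.4.  Added example, not the book's own code.  Assumed term encoding:
a str leaf is a constant or variable; ('f', t1, ..., tn) is the term f t1 ... tn."""
from typing import Dict, List, Set, Union

Term = Union[str, tuple]
TOP = "TRUE"   # the constant (top symbol) of sort bool; a reserved leaf name


class TermGraph:
    """The graph G(C): one node per distinct subterm, labeled with its root
    symbol, with ordered successors u[1..n] and predecessor sets P_u."""

    def __init__(self) -> None:
        self.label: List[str] = []
        self.succ: List[List[int]] = []
        self.pred: List[Set[int]] = []
        self.parent: List[int] = []        # union-find forest behind FIND/UNION
        self._index: Dict[Term, int] = {}

    def node(self, t: Term) -> int:
        """Node of subterm t, created (with its own subterms) on first use."""
        if t in self._index:
            return self._index[t]
        kids = [self.node(s) for s in t[1:]] if isinstance(t, tuple) else []
        u = len(self.label)
        self.label.append(t[0] if isinstance(t, tuple) else t)
        self.succ.append(kids)
        self.pred.append(set())
        self.parent.append(u)
        for k in kids:
            self.pred[k].add(u)
        self._index[t] = u
        return u

    def find(self, u: int) -> int:
        """FIND: canonical representative of the class of u (path halving)."""
        while self.parent[u] != u:
            self.parent[u] = self.parent[self.parent[u]]
            u = self.parent[u]
        return u

    def union(self, u: int, v: int) -> None:
        """UNION: fuse the classes of u and v."""
        self.parent[self.find(u)] = self.find(v)

    def congruent(self, u: int, v: int) -> bool:
        """CONGRUENT: same label, same arity, successors pairwise equivalent."""
        return (self.label[u] == self.label[v] and len(self.succ[u]) == len(self.succ[v])
                and all(self.find(x) == self.find(y) for x, y in zip(self.succ[u], self.succ[v])))

    def preds_of_class(self, u: int) -> Set[int]:
        """Union of the predecessor sets P_x over all nodes x in [u]."""
        r = self.find(u)
        return {p for w in range(len(self.label)) if self.find(w) == r for p in self.pred[w]}

    def merge(self, u: int, v: int) -> None:
        """MERGE: extend the current congruence by (u, v) and close it again."""
        if self.find(u) == self.find(v):
            return
        X, Y = self.preds_of_class(u), self.preds_of_class(v)   # taken before UNION
        self.union(u, v)
        for x in X:
            for y in Y:
                if self.find(x) != self.find(y) and self.congruent(x, y):
                    self.merge(x, y)   # each recursive call fuses two classes: terminates


def unsatisfiable(literals: List[tuple]) -> bool:
    """Lemma 10.6.4.  Literals: ('eq', s, t), ('neq', s, t), ('atom', A), ('natom', A)
    with A an atomic formula P t1...tn.  An atom becomes the equation A = TOP and a
    negated atom its negation; C' is unsatisfiable iff some negated equation r_j = v_j
    has r_j and v_j in one class of the congruence closure of the positive equations."""
    E, D = [], []          # positive equations E and negated equations
    for kind, *args in literals:
        if kind not in ("eq", "neq", "atom", "natom"):
            raise ValueError(f"unknown literal kind {kind!r}")
        side = E if kind in ("eq", "atom") else D
        side.append((args[0], args[1]) if kind in ("eq", "neq") else (args[0], TOP))
    g = TermGraph()
    pos = [(g.node(s), g.node(t)) for s, t in E]
    neg = [(g.node(s), g.node(t)) for s, t in D]   # now every subterm is a node of G(C')
    for u, v in pos:                               # program closure: MERGE each pair of E
        g.merge(u, v)
    return any(g.find(r) == g.find(v) for r, v in neg)


# Example 10.6.3:  f^3(a) = a,  f^5(a) = a,  P(a),  not P(f(a))   -- unsatisfiable
EXAMPLE_10_6_3 = [("eq", ("f", ("f", ("f", "a"))), "a"),
                  ("eq", ("f", ("f", ("f", ("f", ("f", "a"))))), "a"),
                  ("atom", ("P", "a")), ("natom", ("P", ("f", "a")))]
# Problem 10.6.4 as a refutation: hypotheses plus the negated conclusion f(a) = a;
# the implication is valid iff this conjunction is unsatisfiable.
PROBLEM_10_6_4 = [("eq", ("f", ("f", ("f", "a"))), "a"), ("eq", ("f", ("f", "a")), "a"),
                  ("neq", ("f", "a"), "a")]
# Problem 10.6.6 likewise; this conjunction is satisfiable, so the formula is not valid.
PROBLEM_10_6_6 = [("eq", "x", "y"), ("eq", ("g", "z"), ("h", "z")),
                  ("atom", ("P", ("g", ("f", "x", "y")))),
                  ("natom", ("P", ("h", ("f", "y", "x"))))]
```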


To prove the correctness of the above algorithm, we need the following 
lemma. 


Lemma 10.6.5 (Correctness of the congruence closure algorithm) Given a finite graph G, a congruence R on G, and any pair (u,v) of nodes in G, let $R_1$ be the least equivalence relation containing $R \cup \{(u,v)\}$, and $R_3$ be the congruence closure of $R_1 \cup R_2$, where

$R_2 = \{(x,y) \in X \times Y \mid CONGRUENT(R_1, x, y) = true\},$

with

X = the union of the sets $P_x$ of predecessors of all nodes x in [u], the equivalence class of u (modulo $R_1$), and

Y = the union of the sets $P_y$ of predecessors of all nodes y in [v], the equivalence class of v (modulo $R_1$).

Then the relation $R_3$ is the congruence closure of $R \cup \{(u, v)\}$.
Proof: First, since $R_3$ is the congruence closure of $R_1 \cup R_2$ and $R_1$ contains $R \cup \{(u,v)\}$, $R_3$ is a congruence containing $R \cup \{(u,v)\}$. To show that it is the smallest one, observe that for any congruence R' containing $R \cup \{(u,v)\}$, by the definition of a congruence, R' has to contain all pairs in $R_2$, as well as all pairs in R and (u,v). Hence, any such congruence R' contains $R_3$.


Using lemma 10.6.5, it is easy to justify that if MERGE(R', u, v) terminates, then it computes the congruence closure of $R \cup \{(u,v)\}$. The only fact that remains to be checked is that the procedure terminates. But note that MERGE(R', u, v) calls UNION(u, v) iff u and v are not already equivalent, before calling MERGE(R', x, y) recursively iff x and y are not equivalent. Hence, every time MERGE is called recursively, the number of inequivalent nodes decreases, which guarantees termination. Then, the correctness of the algorithm closure is straightforward.


The complexity of the procedure MERGE has been analyzed in Nelson and Oppen, 1980. Nelson and Oppen showed that if G has m edges and G has no isolated nodes, in which case the number of nodes n is O(m), then the algorithm can be implemented to run in $O(m^2)$-time. Downey, Sethi, and Tarjan (Downey, 1980) have also studied the problem of congruence closure, and have given a faster algorithm running in $O(m \log(m))$-time.


It should also be noted that there is a dual version of the congruence closure problem, the unification closure problem, and also a symmetric version of the problem, which have been investigated in Oppen, 1980a, and Downey, 1980. Both have applications to decision problems for certain classes of formulae. For instance, in Oppen, 1980a, the symmetric congruence closure is used to give a decision procedure for the theory of recursively defined data structures, and in Nelson and Oppen, 1980, the congruence closure is used to give a decision procedure for the theory of list structures. Other applications of the concept of congruence closure are also found in Oppen, 1980b; Nelson and Oppen, 1979; and Shostak, 1984b.


The dual concept of the congruence closure is defined as follows. An equivalence relation R on a graph G is a unification closure iff, for every pair (u,v) of nodes in $V^2$, whenever $u\, R_s\, v$ then:

(1) Either $\Lambda(u) = \Lambda(v)$, or one of $\Lambda(u), \Lambda(v)$ is a variable;

(2) If $\Lambda(u) = \Lambda(v)$ and $r(\Lambda(u)) = (s_1 \ldots s_n, s)$, then for every i, $1 \le i \le n$, $u[i]\, R_{s_i}\, v[i]$.

Graphically, if u and v are two nodes labeled with the same symbol f of rank $(s_1 \ldots s_n, s)$, if $u[1], \ldots, u[n]$ are the successors of u and $v[1], \ldots, v[n]$ are the successors of v,

(Figure: the node u with its successors $u[1], \ldots, u[n]$ drawn beside the node v with its successors $v[1], \ldots, v[n]$.)

if u and v are equivalent then u[i] and v[i] are equivalent for all i, $1 \le i \le n$. Hence, we have a kind of forward closure. In contrast with the congruence closure, the least unification closure containing a given relation R does not necessarily exist, because condition (1) may fail (see the problems).


The unification closure problem has applications to the unification of trees, and to the equivalence of deterministic finite automata. There is a linear-time unification closure algorithm due to Paterson and Wegman (Paterson and Wegman, 1978) when a certain acyclicity condition is satisfied, and in the general case, there is an $O(m\alpha(m))$-time algorithm, where $\alpha$ is a functional inverse of Ackermann's function. For details, the reader is referred to Downey, 1980. An $O(m\alpha(m))$-time unification algorithm is also given in Huet, 1976.


PROBLEMS 


10.6.1. Prove lemma 10.6.1. 
10.6.2. Give the details of the proof of lemma 10.6.3. 


10.6.3. Use the method of Subsection 10.6.3 to show that the following formula is valid:

$x = y \supset f(x,y) = f(y,x)$

10.6.4. Use the method of Subsection 10.6.3 to show that the following formula is valid:

$f(f(f(a))) = a \land f(f(a)) = a \supset f(a) = a$

10.6.5. Use the method of Subsection 10.6.5 to show that the following formula is valid:

$x = y \land g(f(x,y)) = h(f(x,y)) \land P(g(f(x,y))) \supset P(h(f(y,x)))$

10.6.6. Use the method of Subsection 10.6.5 to show that the following formula is not valid:

$x = y \land g(z) = h(z) \land P(g(f(x,y))) \supset P(h(f(y,x)))$


* 10.6.7. An equivalence relation R on a graph G is a unification closure iff, for every pair (u,v) of nodes in $V^2$, whenever $u\, R_s\, v$ then:

(1) Either $\Lambda(u) = \Lambda(v)$, or one of $\Lambda(u), \Lambda(v)$ is a variable;

(2) If $\Lambda(u) = \Lambda(v)$ and $r(\Lambda(u)) = (s_1 \ldots s_n, s)$, then for every i, $1 \le i \le n$, $u[i]\, R_{s_i}\, v[i]$.

(a) Given an arbitrary relation $R_0$ on a graph G, give an example showing that the smallest unification closure containing $R_0$ does not necessarily exist, because condition (1) may fail.

(b) Using the idea of Subsection 10.6.4, show that there is an algorithm for deciding whether the smallest unification closure containing a relation $R_0$ on G exists, and if so, for computing it.

* 10.6.8. In order to test whether two trees $t_1$ and $t_2$ are unifiable, we can compute the unification closure of the relation $\{(t_1, t_2)\}$ on the graph $G(t_1, t_2)$ constructed from $t_1$ and $t_2$ as follows:

(i) The set of nodes of $G(t_1, t_2)$ is the set of all subterms of $t_1$ and $t_2$.

(ii) Every subterm that is either a constant or a variable is a terminal node labeled with that symbol.

(iii) For every subterm of the form $fy_1 \ldots y_k$, the label is f, and there is an edge from $fy_1 \ldots y_k$ to $y_i$, for each i, $1 \le i \le k$.

Let R be the least unification closure containing the relation $\{(t_1, t_2)\}$ on the graph $G(t_1, t_2)$, if it exists. A new graph $G(t_1, t_2)/R$ can be constructed as follows:

(i) The nodes of $G(t_1, t_2)/R$ are the equivalence classes of R.

(ii) There is an edge from a class C to a class C' iff there is an edge in $G(t_1, t_2)$ from some node y in class C to some node z in class C'.

Prove that $t_1$ and $t_2$ are unifiable iff the unification closure R exists and the graph $G(t_1, t_2)/R$ is acyclic. When $t_1$ and $t_2$ are unifiable, let $(C_1, \ldots, C_n)$ be the sequence of all equivalence classes containing some variable, ordered such that if there is a path from $C_i$ to $C_j$, then $i < j$. For each i, $1 \le i \le n$, if $C_i$ contains some nonvariable term, let $t_i$ be any such term, else let $t_i$ be any variable in $C_i$. Let $\sigma_i = [t_i/z_1, \ldots, t_i/z_p]$, where $\{z_1, \ldots, z_p\}$ is the set of variables in $C_i$, and let $\sigma = \sigma_1 \circ \ldots \circ \sigma_n$. Show that $\sigma$ is a most general unifier.

(A cycle in a graph is a sequence $v_1, \ldots, v_k$ of nodes such that $v_1 = v_k$, and there is an edge from $v_i$ to $v_{i+1}$, $1 \le i \le k-1$. A graph is acyclic iff it does not have any cycle.)

* 10.6.9. Let C be a quantifier-free formula of the form

$(s_1 = t_1) \land \ldots \land (s_n = t_n) \supset (s = t).$

Let COM(C) be the conjunction of all formulae of the form

$\forall x \forall y (f(x,y) = f(y,x)),$

for every binary function symbol f in C.

Show that the decision procedure provided by the congruence closure algorithm can be adapted to decide whether formulae of the form $COM(C) \supset C$ are valid.

Hint: Make the following modification in building the graph G(C): For every term $ft_1t_2$, create a node labeled $ft_1t_2$ having two ordered successors:

A terminal node labeled f, and a node labeled with $\nu(ft_1t_2)$, such that $\nu(ft_1t_2)$ has two unordered successors labeled with $t_1$ and $t_2$.

Also modify the definition of a congruence, so that for any two nodes u and v labeled with $\nu(ft_1t_2)$, where f is a binary function symbol, if either

(i) u[1] is congruent to v[1] and u[2] is congruent to v[2], or
(ii) u[1] is congruent to v[2] and u[2] is congruent to v[1],

then u and v are congruent.


Notes and Suggestions for Further Reading 


Many-sorted first-order logic is now used quite extensively in computer sci- 
ence. Its main uses are to the definition of abstract data types and to pro- 
gramming with rewrite rules. Brief presentations of many-sorted first-order 
logic can be found in Enderton, 1972, and Monk, 1976. A pioneering paper 
appears to be Wang, 1952. 


The literature on abstract data types and rewrite rules is now extensive. A good introduction to abstract data types can be found in the survey paper by Goguen, Thatcher, Wagner, and Wright, in Yeh, 1978. For an introduction to rewrite rules, the reader is referred to the survey paper by Huet and Oppen, in Book, 1980, and to Huet, 1980.


Congruence closure algorithms were first discovered by Kozen (Kozen, 
1976, 1977), and independently a few years later by Nelson and Oppen (Nelson 
and Oppen, 1980, Oppen, 1980a), and Downey, Sethi, and Tarjan (Downey, 
1980). The extension given in Subsection 10.6.4 appears to be new. Problems 
10.6.7 and 10.6.8 are inspired from Paterson and Wegman, 1978, where a 
linear-time algorithm is given, and problem 10.6.9 is inspired from Downey, 
1980, where fast algorithms are given. 


Appendix 


2.4 Algebras

We have already encountered the concept of an algebra in example 2.3.1 and in the section containing theorem 2.3.1. An algebra is simply a pair $\langle A, F \rangle$ consisting of a nonempty set A together with a collection F of functions also called operations, each function in F being of the form $f : A^n \to A$, for some natural number $n > 0$. When working with algebras, one is often dealing with algebras having a common structure, in the sense that for any two algebras $\langle A, F \rangle$ and $\langle B, G \rangle$, there is a function $d : F \to G$ from the set of functions F to the set of functions G. A more convenient way to indicate common structure is to define in advance the set $\Sigma$ of function symbols as a ranked alphabet used to name operators used in these algebras. Then, given an algebra $\langle A, F \rangle$, each function name f receives an interpretation I(f) which is a function in F. In other words, the set F of functions is defined by an interpretation $I : \Sigma \to F$ assigning a function of rank n to every function symbol of rank n in $\Sigma$. Given any two algebras $\langle A, I : \Sigma \to F \rangle$ and $\langle B, J : \Sigma \to G \rangle$, the mapping d from F to G indicating common structure is the function such that $d(I(f)) = J(f)$, for every function name f in $\Sigma$. This leads to the following formal definition.


2.4.1 Definition of an Algebra

Given a ranked alphabet $\Sigma$, a $\Sigma$-algebra $\mathbf{A}$ is a pair $\langle A, I \rangle$ where A is a nonempty set called the carrier, and I is an interpretation function assigning functions to the function symbols as follows:

(i) Each symbol f in $\Sigma$ of rank $n > 0$ is interpreted as a function $I(f) : A^n \to A$;

(ii) Each constant c in $\Sigma$ is interpreted as an element I(c) in A.

The following abbreviations will also be used: I(f) will be denoted as $f_{\mathbf{A}}$ and I(c) as $c_{\mathbf{A}}$.


Roughly speaking, the ranked alphabet describes the syntax, and the interpretation function I describes the semantics.


EXAMPLE 2.4.1 


Let A be any (nonempty) set and let $2^A$ denote the power-set of A, that is, the set of all subsets of A. Let $\Sigma = \{0, 1, -, +, *\}$, where 0, 1 are constants, that is of rank 0, $-$ has rank 1, and $+$ and $*$ have rank 2. If we define the interpretation function I such that $I(0) = \emptyset$ (the empty set), $I(1) = A$, $I(-)$ = set complementation, $I(+)$ = set union, and $I(*)$ = set intersection, we have the algebra $\mathbf{B}_A = \langle 2^A, I \rangle$. Such an algebra is a boolean algebra of sets in the universe A.


EXAMPLE 2.4.2 


Let $\Sigma$ be a ranked alphabet. Recall that the set $CT_\Sigma$ denotes the set of all finite or infinite $\Sigma$-trees. Every function symbol f of rank $n > 0$ defines the function $\overline{f} : CT_\Sigma^n \to CT_\Sigma$ as follows: for all $t_1, t_2, \ldots, t_n \in CT_\Sigma$, $\overline{f}(t_1, t_2, \ldots, t_n)$ is the tree denoted by $ft_1t_2 \ldots t_n$ and whose graph is the set of pairs

$\{(e, f)\} \cup \bigcup_{i=1}^{n} \{(iu, t_i(u)) \mid u \in dom(t_i)\}.$

The tree $ft_1 \ldots t_n$ is the tree with f at the root and $t_i$ as the subtree at address i. Let I be the interpretation function such that for every $f \in \Sigma_n$, $n \ge 0$, $I(f) = \overline{f}$. The pair $(CT_\Sigma, I)$ is a $\Sigma$-algebra. Similarly, $(T_\Sigma, J)$ is a $\Sigma$-algebra for the interpretation J such that for every $f \in \Sigma_n$, $n \ge 0$, J(f) is the restriction of $\overline{f}$ to finite trees. For simplicity of notation, the algebra $(CT_\Sigma, I)$ is denoted by $CT_\Sigma$ and $(T_\Sigma, J)$ by $T_\Sigma$.


The notion of a function preserving algebraic structure is defined below.


2.4.2 Homomorphisms
Given two $\Sigma$-algebras $\mathbf{A}$ and $\mathbf{B}$, a function $h : A \to B$ is a homomorphism iff:

(i) For every function symbol f of rank $n > 0$, for every $(a_1, \ldots, a_n) \in A^n$,

$h(f_{\mathbf{A}}(a_1, \ldots, a_n)) = f_{\mathbf{B}}(h(a_1), \ldots, h(a_n));$

(ii) For every constant c, $h(c_{\mathbf{A}}) = c_{\mathbf{B}}$.

If we define $A^0 = \{e\}$ and the function $h^n : A^n \to B^n$ by $h^n(a_1, \ldots, a_n) = (h(a_1), \ldots, h(a_n))$, then the fact that the function h is a homomorphism is expressed by the commutativity of the following diagram:

$A^n \xrightarrow{\;f_{\mathbf{A}}\;} A$
$h^n \downarrow \qquad\quad \downarrow h$
$B^n \xrightarrow{\;f_{\mathbf{B}}\;} B$

We say that a homomorphism $h : \mathbf{A} \to \mathbf{B}$ is an isomorphism iff there is a homomorphism $g : \mathbf{B} \to \mathbf{A}$ such that $h \circ g = I_B$ and $g \circ h = I_A$. Note that if h is an isomorphism, then it is a bijection.


Inductive sets correspond to subalgebras. This concept is defined as 
follows. 


2.4.3 Subalgebras 


An algebra $\mathbf{B} = \langle B, J \rangle$ is a subalgebra of an algebra $\mathbf{A} = \langle A, I \rangle$ (with the same ranked alphabet $\Sigma$) iff:

(1) B is a subset of A;

(2) For every constant c in $\Sigma$, $c_{\mathbf{B}} = c_{\mathbf{A}}$, and for every function symbol f of rank $n > 0$, $f_{\mathbf{B}} : B^n \to B$ is the restriction of $f_{\mathbf{A}} : A^n \to A$.

The fact that $\mathbf{B}$ is an algebra implies that B is closed under the operations; that is, for every function symbol f of rank $n > 0$ in $\Sigma$, for all $b_1, \ldots, b_n \in B$, $f_{\mathbf{A}}(b_1, \ldots, b_n) \in B$. Now, inductive closures correspond to least subalgebras.


2.4.4 Least Subalgebra Generated by a Subset 


Given an algebra $\mathbf{A}$ and a subset X of A, the inductive closure of X in $\mathbf{A}$ is the least subalgebra of $\mathbf{A}$ containing X. It is also called the least subalgebra of $\mathbf{A}$ generated by X. This algebra can be defined as in lemma 2.3.1. Let $([X]_i)_{i \ge 0}$ be the sequence of subsets of A defined by induction as follows:

$[X]_0 = X \cup \{c_{\mathbf{A}} \mid c \text{ is a constant in } \Sigma\};$
$[X]_{i+1} = [X]_i \cup \{f_{\mathbf{A}}(a_1, \ldots, a_n) \mid a_1, \ldots, a_n \in [X]_i,\ f \in \Sigma_n,\ n \ge 1\}.$

Let

$[X] = \bigcup_{i \ge 0} [X]_i.$

One can verify easily that [X] is closed under the operations of $\mathbf{A}$. Hence, [X] together with the restriction of the operators to [X] is a subalgebra of $\mathbf{A}$. Let [X] denote this subalgebra. The following lemma is easily proved (using a proof similar to that of lemma 2.3.1).

Lemma 2.4.1 Given any algebra $\mathbf{A}$ and any subset X of A, [X] is the least subalgebra of $\mathbf{A}$ containing X.

Important note: The carrier of an algebra is always nonempty. To avoid having the carrier [X] empty, we will make the assumption that $[X]_0 \ne \emptyset$ (either X is nonempty or there are constant symbols).


Finally, the notion of free generation is generalized as follows. 


2.4.5 Subalgebras Freely Generated by a Set X 


We say that the algebra [X] is freely generated by X in $\mathbf{A}$ iff the following conditions hold:

(1) For every f (not a constant) in $\Sigma$, the restriction of the function $f_{\mathbf{A}} : A^n \to A$ to $[X]^n$ is injective.

(2) For every $f_{\mathbf{A}} : A^m \to A$, $g_{\mathbf{A}} : A^n \to A$ with $f, g \in \Sigma$, $f_{\mathbf{A}}([X]^m)$ is disjoint from $g_{\mathbf{A}}([X]^n)$ whenever $f \ne g$ (and $c_{\mathbf{A}} \ne d_{\mathbf{A}}$ for constants $c \ne d$).

(3) For every $f_{\mathbf{A}} : A^n \to A$ with $f \in \Sigma$ and every $(x_1, \ldots, x_n) \in [X]^n$, $f_{\mathbf{A}}(x_1, \ldots, x_n) \notin X$ (and $c_{\mathbf{A}} \notin X$, for a constant c).

As in lemma 2.3.3, it can be shown that for every $(x_1, \ldots, x_n) \in [X]_i^n - [X]_{i-1}^n$, $f_{\mathbf{A}}(x_1, \ldots, x_n) \notin [X]_i$ ($i \ge 0$, with $[X]_{-1} = \emptyset$).


We have the following version of theorem 2.3.1.

Theorem 2.4.1 (Unique homomorphic extension theorem) Let $\mathbf{A}$ and $\mathbf{B}$ be two $\Sigma$-algebras, X a subset of A, let [X] be the least subalgebra of $\mathbf{A}$ containing X, and assume that [X] is freely generated by X. For every function $h : X \to B$, there is a unique homomorphism $\widehat{h} : [X] \to \mathbf{B}$ such that:

(1) For all $x \in X$, $\widehat{h}(x) = h(x)$;

(2) For every function symbol f of rank $n > 0$, for all $(x_1, \ldots, x_n) \in [X]^n$,

$\widehat{h}(f_{\mathbf{A}}(x_1, \ldots, x_n)) = f_{\mathbf{B}}(\widehat{h}(x_1), \ldots, \widehat{h}(x_n)),$

and $\widehat{h}(c_{\mathbf{A}}) = c_{\mathbf{B}}$, for each constant c.

This is also expressed by the following diagram.

(Figure: the commuting triangle formed by the inclusion of X into [X], the function $h : X \to B$, and the unique homomorphism $\widehat{h} : [X] \to B$.)


The following lemma shows the importance of the algebra of finite trees. 
Lemma 2.4.2 For every ranked alphabet $\Sigma$, for every set X, if $X \cap \Sigma = \emptyset$ and $X \cup \Sigma_0 \ne \emptyset$ (where $\Sigma_0$ denotes the set of constants in $\Sigma$), then the $\Sigma$-algebra $T_\Sigma(X)$ of finite trees over the ranked alphabet $\Sigma \cup X$ obtained by adjoining the set X to $\Sigma_0$ is freely generated by X.

Proof: First, it is easy to show from the definitions that for every tree t such that $depth(t) > 0$,

$t = \overline{f}(t/1, \ldots, t/n)$ and $depth(t/i) < depth(t)$, $1 \le i \le n$,

where $t(e) = f$ (the label of the root of t), $n = r(f)$ (the rank of f) and $t/i$ is the "i-th subtree" of t, $1 \le i \le n$. Using this property, we prove by induction on the depth of trees that every tree in $T_\Sigma(X)$ belongs to the inductive closure of X. Since a tree of depth 0 is a one-node tree labeled with either a constant or an element of X, the base case of the induction holds. Assume by induction that every tree of depth at most k belongs to $X_k$, the k-th stage of the inductive closure of X. Since every tree of depth $k+1$ can be written as $t = \overline{f}(t/1, \ldots, t/n)$ where every subtree $t/i$ has depth at most k, the induction hypothesis applies. Hence, each $t/i$ belongs to $X_k$. But then $\overline{f}(t/1, \ldots, t/n) = t$ belongs to $X_{k+1}$. This concludes the induction showing that $T_\Sigma(X)$ is a subset of $X_+$. For every $f \in \Sigma_n$, $n > 0$, by the definition of $\overline{f}$, if $t_1, \ldots, t_n$ are finite trees, $\overline{f}(t_1, \ldots, t_n)$ is a finite tree (because its domain is a finite union of finite domains). Hence, every $X_k$ is a set of finite trees, and thus a subset of $T_\Sigma(X)$. But then $X_+$ is a subset of $T_\Sigma(X)$ and $T_\Sigma(X) = X_+$. Note also that for any two trees t and t' (even infinite), $t = t'$ if and only if, either

(1) $t = \overline{f}(t_1, \ldots, t_m) = t'$, for some unique $f \in \Sigma_m$ ($m > 0$), and some unique trees $t_1, \ldots, t_m \in CT_\Sigma(X)$, or

(2) $t = a = t'$, for some unique $a \in X \cup \Sigma_0$.

Then, it is clear that each function $\overline{f}$ is injective, that $range(\overline{f})$ and $range(\overline{g})$ are disjoint whenever $f \ne g$, and that for every f of rank $n > 0$, $\overline{f}(t_1, \ldots, t_n)$ is never a one-node tree labeled with a constant. Hence, conditions (1), (2), (3) for free generation are satisfied.


In Chapter 5, when proving the completeness theorem for first-order 
logic, it is necessary to define the quotient of an algebra by a type of equiv- 
alence relation. Actually, in order to define an algebraic structure on the 
set of equivalence classes, we need a stronger concept known as a congruence 
relation. 


2.4.6 Congruences

Given a $\Sigma$-algebra $\mathbf{A}$, a congruence $\cong$ on $\mathbf{A}$ is an equivalence relation on the carrier A satisfying the following conditions: For every function symbol f of rank $n > 0$ in $\Sigma$, for all $x_1, \ldots, x_n, y_1, \ldots, y_n \in A$,

if $x_i \cong y_i$ for all i, $1 \le i \le n$, then
$f_{\mathbf{A}}(x_1, \ldots, x_n) \cong f_{\mathbf{A}}(y_1, \ldots, y_n).$

The equivalence class of x modulo $\cong$ is denoted by $[x]_{\cong}$, or more simply by [x] or $\overline{x}$.

Given any function symbol f of rank $n > 0$ in $\Sigma$ and any n subsets $B_1, \ldots, B_n$ of A, we define

If $\cong$ is a congruence on $\mathbf{A}$, for any $a_1, \ldots, a_n \in A$, $f_{\mathbf{A}}([a_1], \ldots, [a_n])$ is a subset of some unique equivalence class which is in fact $[f_{\mathbf{A}}(a_1, \ldots, a_n)]$. Hence, we can define a structure of $\Sigma$-algebra on the set $A/\!\cong$ of equivalence classes.


2.4.7 Quotient Algebras 


Given a $\Sigma$-algebra $\mathbf{A}$ and a congruence $\cong$ on $\mathbf{A}$, the quotient algebra $\mathbf{A}/\!\cong$ has the set $A/\!\cong$ of equivalence classes modulo $\cong$ as its carrier, and its operations are defined as follows: For every function symbol f of rank $n > 0$ in $\Sigma$, for all $[a_1], \ldots, [a_n] \in A/\!\cong$,

$f_{\mathbf{A}/\cong}([a_1], \ldots, [a_n]) = [f_{\mathbf{A}}(a_1, \ldots, a_n)],$

and for every constant c,

$c_{\mathbf{A}/\cong} = [c_{\mathbf{A}}].$

One can easily verify that the function $h_{\cong} : A \to A/\!\cong$ such that $h_{\cong}(a) = [a]$ is a homomorphism from $\mathbf{A}$ to $\mathbf{A}/\!\cong$.


EXAMPLE 2.4.3

Let $\Sigma = \{0, 1, -, +, *\}$ be the ranked alphabet of example 2.4.1. Let A be any nonempty set and let $T_\Sigma(2^A)$ be the tree algebra freely generated by $2^A$. By lemma 2.4.2 and theorem 2.4.1, the identity function $Id : 2^A \to 2^A$ extends to a unique homomorphism $h : T_\Sigma(2^A) \to \mathbf{B}_A$, where the range of the function h is the boolean algebra $\mathbf{B}_A$ (and not just its carrier $2^A$ as in the function Id). Let $\cong$ be the relation defined on $T_\Sigma(2^A)$ such that:

$t_1 \cong t_2$ if and only if $h(t_1) = h(t_2)$.

For example, if $A = \{a, b, c, d\}$, for the trees $t_1$ and $t_2$ given by the terms $t_1 = +(\{a\}, *(\{b, c, d\}, \{a, b, c\}))$ and $t_2 = +(\{a, b\}, \{c\})$, we have

$h(t_1) = h(t_2) = \{a, b, c\}.$

It can be verified that $\cong$ is a congruence, and that the quotient algebra $T_\Sigma(2^A)/\!\cong$ is isomorphic to $\mathbf{B}_A$.
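Example 2.4.3 worked out in Python, as an added example that is not the book's own code: the homomorphism h from $T_\Sigma(2^A)$ to $\mathbf{B}_A$ is evaluated on the book's terms $t_1$ and $t_2$, the congruence condition of Subsection 2.4.6 is checked on a constructed sample of terms, and the sample is split into its classes modulo $\cong$. The tuple encoding of trees is an assumption.

```python
"""Example 2.4.3: the unique homomorphism h from the tree algebra T_Sigma(2^A)
to the boolean algebra of sets B_A, and the congruence t1 ~ t2 iff h(t1) = h(t2).
Added example, not the book's own code; the term encoding below is an assumption."""
from itertools import product
from typing import Dict, FrozenSet, List, Union

Tree = Union[FrozenSet[str], tuple]
# Encoding: a leaf is a frozenset (an element of 2^A, the generators); the constants
# are ("0",) and ("1",); ("-", t), ("+", t1, t2), ("*", t1, t2) are the trees -t, +t1t2, *t1t2.


def hom(t: Tree, A: FrozenSet[str]) -> FrozenSet[str]:
    """h : T_Sigma(2^A) -> B_A, the homomorphic extension (theorem 2.4.1) of Id on 2^A,
    with 0, 1, -, +, * interpreted as in example 2.4.1."""
    if isinstance(t, frozenset):
        return t                      # h(x) = Id(x) for every generator x in 2^A
    op, *args = t
    if op == "0":
        return frozenset()            # 0 is interpreted as the empty set
    if op == "1":
        return A                      # 1 is interpreted as A
    if op == "-":
        return A - hom(args[0], A)    # complement in the universe A
    if op == "+":
        return hom(args[0], A) | hom(args[1], A)   # union
    if op == "*":
        return hom(args[0], A) & hom(args[1], A)   # intersection
    raise ValueError(f"unknown symbol {op!r}")


def congruent(t1: Tree, t2: Tree, A: FrozenSet[str]) -> bool:
    """t1 ~ t2 iff h(t1) = h(t2)."""
    return hom(t1, A) == hom(t2, A)


def is_congruence_on(terms: List[Tree], A: FrozenSet[str]) -> bool:
    """Condition 2.4.6 checked on a finite sample: congruent arguments must give
    congruent results under every operation of the alphabet."""
    for t1, t2 in product(terms, repeat=2):
        if congruent(t1, t2, A) and not congruent(("-", t1), ("-", t2), A):
            return False
    for t1, t2, s1, s2 in product(terms, repeat=4):
        if congruent(t1, t2, A) and congruent(s1, s2, A):
            if not congruent(("+", t1, s1), ("+", t2, s2), A):
                return False
            if not congruent(("*", t1, s1), ("*", t2, s2), A):
                return False
    return True


def quotient_classes(terms: List[Tree], A: FrozenSet[str]) -> Dict[FrozenSet[str], List[Tree]]:
    """The classes of the sample modulo ~, keyed by their image in B_A: since
    T_Sigma(2^A)/~ is isomorphic to B_A, each key names one element of 2^A."""
    classes: Dict[FrozenSet[str], List[Tree]] = {}
    for t in terms:
        classes.setdefault(hom(t, A), []).append(t)
    return classes


# The book's instance: A = {a,b,c,d}, t1 = +({a}, *({b,c,d}, {a,b,c})), t2 = +({a,b}, {c})
A = frozenset("abcd")
T1 = ("+", frozenset("a"), ("*", frozenset("bcd"), frozenset("abc")))
T2 = ("+", frozenset("ab"), frozenset("c"))
# constructed sample of further terms for the congruence and quotient checks
SAMPLE = [T1, T2, ("0",), ("1",), frozenset("d"), ("-", T1), ("*", T2, frozenset("ad"))]
```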


2.5 Many-Sorted Algebras 


For many computer science applications, and for the definition of data types 
in particular, it is convenient to generalize algebras by allowing domains and 
operations of different types (also called sorts). A convenient way to do so 
is to introduce the concept of a many-sorted algebra. In Chapter 10, a gen- 
eralization of first-order logic known as many-sorted first-order logic is also 
presented. Since the semantics of this logic is based on many-sorted algebras, 
we present in this section some basic material on many-sorted algebra. 


Let S be a set of sorts (or types). Typically, S consists of types in a 
programming language (such as integer, real, boolean, character, etc.). 


2.5.1 S-Ranked Alphabets 


An S-ranked alphabet is a pair $(\Sigma, r)$ consisting of a set $\Sigma$ together with a function $r : \Sigma \to S^* \times S$ assigning a rank (u, s) to each symbol f in $\Sigma$.

The string u in $S^*$ is the arity of f and s is the sort (or type) of f. If $u = s_1 \ldots s_n$ ($n \ge 1$), a symbol f of rank (u, s) is to be interpreted as an operation taking n arguments, the i-th argument being of type $s_i$ and yielding a result of type s. A symbol of rank (e, s) (when u is the empty string e) is called a constant of sort s. For simplicity, a ranked alphabet $(\Sigma, r)$ is often denoted by $\Sigma$.


2.5.2 Definition of a Many-Sorted Algebra 


Given an S-ranked alphabet $\Sigma$, a many-sorted $\Sigma$-algebra $\mathbf{A}$ is a pair $\langle A, I \rangle$, where $A = (A_s)_{s \in S}$ is an S-indexed family of nonempty sets, each $A_s$ being called a carrier of sort s, and I is an interpretation function assigning functions to the function symbols as follows:

(i) Each symbol f of rank (u, s) where $u = s_1 \ldots s_n$ is interpreted as a function $I(f) : A_{s_1} \times \ldots \times A_{s_n} \to A_s$;

(ii) Each constant c of sort s is interpreted as an element I(c) in $A_s$.

The following abbreviations will also be used: I(f) will be denoted as $f_{\mathbf{A}}$ and I(c) as $c_{\mathbf{A}}$; if $u = s_1 \ldots s_n$, we let $A^u = A_{s_1} \times \ldots \times A_{s_n}$ and $A^e = \{e\}$. (Since there is a bijection between A and $A \times \{e\}$, A and $A \times \{e\}$ will be identified.) Given an S-indexed family $h = (h_s)_{s \in S}$ of functions $h_s : A_s \to B_s$, the function $h^u : A^u \to B^u$ is defined so that, for all $(a_1, \ldots, a_n) \in A^u$,

$h^u(a_1, \ldots, a_n) = (h_{s_1}(a_1), \ldots, h_{s_n}(a_n)).$
EXAMPLE 2.5.1

The algebra of stacks of natural numbers is defined as follows. Let $S = \{int, stack\}$, $\Sigma = \{\Lambda, ERROR, POP, PUSH, TOP\}$, where $\Lambda$ is a constant of sort stack, ERROR is a constant of sort int, PUSH is a function symbol of rank (int.stack, stack), POP a function symbol of rank (stack, stack) and TOP a function symbol of rank (stack, int). The carrier of sort int is $\mathbb{N} \cup \{error\}$, and the carrier of sort stack, the set of functions of the form $X : [n] \to \mathbb{N} \cup \{error\}$, where $n \in \mathbb{N}$. When $n = 0$, the unique function from the empty set ([0]) is denoted by $\Lambda$ and is called the empty stack. The constant ERROR is interpreted as the element error. Given any stack $X : [n] \to \mathbb{N} \cup \{error\}$ and any element $a \in \mathbb{N} \cup \{error\}$, PUSH(a, X) is the stack $X' : [n+1] \to \mathbb{N} \cup \{error\}$ such that $X'(k) = X(k)$ for all k, $1 \le k \le n$, and $X'(n+1) = a$; TOP(X) is the top element X(n) of X if $n > 0$, error if $n = 0$; POP(X) is the empty stack $\Lambda$ if either X is the empty stack or $n = 1$, or the stack $X' : [n-1] \to \mathbb{N} \cup \{error\}$ such that $X'(k) = X(k)$ for all k, $1 \le k \le n-1$ if $n > 1$.


Note: This formalization of a stack is not perfectly faithful because 
$TOP(X) = error$ does not necessarily imply that $X = \Lambda$. However, it is good 
enough as an example. 


2.5.3 Homomorphisms 


Given two many-sorted $\Sigma$-algebras $A$ and $B$, an $S$-indexed family $h = (h_s)_{s \in S}$ 
of functions $h_s : A_s \to B_s$ is a homomorphism iff: 


(i) For every function symbol $f$ of rank $(u, s)$ with $u = s_1 \ldots s_n$, for every 
$(a_1, \ldots, a_n) \in A^u$, 


$h_s(f_A(a_1, \ldots, a_n)) = f_B(h_{s_1}(a_1), \ldots, h_{s_n}(a_n))$; 


(ii) For every sort $s$, for every constant $c$ of sort $s$, $h_s(c_A) = c_B$. 


These conditions can be represented by the following commutative dia- 
gram. 


            f_A
     A^u ---------> A_s
      |              |
  h^u |              | h_s
      v              v
     B^u ---------> B_s
            f_B


2.5.4 Subalgebras 


An algebra $\mathbf{B} = \langle B, J \rangle$ is a subalgebra of an algebra $\mathbf{A} = \langle A, I \rangle$ (with 
the same ranked alphabet $\Sigma$) iff: 


(1) Each $B_s$ is a subset of $A_s$, for every sort $s \in S$; 
(2) For every sort $s \in S$, for every constant $c$ of sort $s$, $c_B = c_A$, and for 
every function symbol $f$ of rank $(u, s)$ with $u = s_1 \ldots s_n$, $f_B : B^u \to B_s$ is the 
restriction of $f_A : A^u \to A_s$. 


The fact that $B$ is an algebra implies that $B$ is closed under the opera- 
tions; that is, for every function symbol $f$ of rank $(u, s)$ with $u = s_1 \ldots s_n$, for 
every $(b_1, \ldots, b_n) \in B^u$, $f_A(b_1, \ldots, b_n)$ is in $B_s$, and for every constant $c$ of sort 
$s$, $c_A$ is in $B_s$. 


2.5.5 Least Subalgebras 


Given a $\Sigma$-algebra $A$, let $X = (X_s)_{s \in S}$ be an $S$-indexed family with every $X_s$ 
a subset of $A_s$. As in the one-sorted case, the least subalgebra of $A$ containing 
$X$ can be characterized by a bottom-up definition. We define this algebra $[X]$ 
as follows. 


The sequence of $S$-indexed families of sets $([X]_i)$, ($i \geq 0$) is defined by 
induction: For every sort $s$, 


$[X_s]_0 = X_s \cup \{c_A \mid c \text{ a constant of sort } s\}$, 
$[X_s]_{i+1} = [X_s]_i \cup \{f_A(x_1, \ldots, x_n) \mid r(f) = (u, s),\ (x_1, \ldots, x_n) \in ([X]_i)^u\}$, 


with $u = s_1 \ldots s_n$, $n \geq 1$. 


The carrier of sort $s$ of the algebra $[X]$ is 


Important note: The carriers of an algebra are always nonempty. To 
avoid having any carrier $[X_s]$ empty, we will make the assumption that for 
every sort $s$, $[X_s]_0 \neq \emptyset$. This will be satisfied if either $X_s$ is nonempty or there 
are constants of sort $s$. A more general condition can be given. Call a sort $s$ 
nonvoid if either there is some constant of sort $s$, or there is some function 
symbol $f$ of rank $(s_1 \ldots s_n, s)$ such that $s_1, \ldots, s_n$ are all nonvoid ($n \geq 1$). 
Then, $[X_s]$ is nonempty if and only if either $X_s \neq \emptyset$ or $s$ is nonvoid. 


We also have the following induction principle. 
Induction Principle for Least Subalgebras 


If $[X]$ is the least subalgebra of $A$ containing $X$, for every subfamily $Y$ 
of $[X]$, if $Y$ contains $X$ and is closed under the operations of $A$ (and contains 
$\{c_A \mid c \text{ is a constant}\}$) then $Y = [X]$. 
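As an added example (our code, not the book's), the following Python carries out the bottom-up construction $[X]_0 \subseteq [X]_1 \subseteq \ldots$ above on a small constructed finite algebra with sorts int, bool and void, and computes the nonvoid sorts of the Important note; the signature SIGMA, the algebra INTERP and every function name below are our own assumptions.

```python
from itertools import product

# Added example, not from the book: the level-by-level construction of the
# least subalgebra [X] of a many-sorted Sigma-algebra (2.5.5) and the
# "nonvoid sort" criterion of the Important note. All names are ours.

# Ranked alphabet: symbol -> (u, s), u the tuple of argument sorts
# (empty for a constant), s the result sort.  The sort "void" can only be
# reached from a value of sort "void", so it is void in the sense of the note.
SIGMA = {
    "zero":   ((), "int"),
    "succ":   (("int",), "int"),
    "iszero": (("int",), "bool"),
    "loop":   (("void",), "void"),
}
SORTS = ("int", "bool", "void")

# A finite algebra over SIGMA (constructed for the example): the integers
# modulo 5 with a zero test.  Carriers: int = Z_5, bool = {True, False},
# void = {"v"} (every carrier of an algebra must be nonempty).
INTERP = {
    "zero":   lambda: 0,
    "succ":   lambda n: (n + 1) % 5,
    "iszero": lambda n: n == 0,
    "loop":   lambda v: v,
}


def level0(sigma, interp, sorts, X):
    """[X_s]_0 = X_s together with c_A for every constant c of sort s."""
    return {s: set(X.get(s, ())) |
               {interp[c]() for c, (u, t) in sigma.items() if not u and t == s}
            for s in sorts}


def next_level(sigma, interp, prev):
    """[X_s]_{i+1} = [X_s]_i together with f_A(x_1, ..., x_n) for every f of
    rank (u, s) with n >= 1 and every (x_1, ..., x_n) in ([X]_i)^u."""
    nxt = {s: set(xs) for s, xs in prev.items()}
    for f, (u, s) in sigma.items():
        if u:                                   # constants were added at level 0
            for args in product(*(prev[t] for t in u)):
                nxt[s].add(interp[f](*args))
    return nxt


def least_subalgebra(sigma, interp, sorts, X):
    """Return the chain [X]_0, [X]_1, ... up to the first level that no longer
    grows; that last level is closed under the operations, so it is [X]
    (the carriers here are finite, hence the chain stabilizes)."""
    levels = [level0(sigma, interp, sorts, X)]
    while True:
        nxt = next_level(sigma, interp, levels[-1])
        if nxt == levels[-1]:
            return levels
        levels.append(nxt)


def is_closed(sigma, interp, family):
    """The subalgebra condition of 2.5.4: no operation leaves the family."""
    return next_level(sigma, interp, family) == family


def nonvoid_sorts(sigma):
    """Least fixpoint of the definition in the Important note: s is nonvoid if
    it has a constant, or some f of rank (s_1...s_n, s) has all s_i nonvoid."""
    nonvoid, changed = set(), True
    while changed:
        changed = False
        for f, (u, s) in sigma.items():
            if s not in nonvoid and all(t in nonvoid for t in u):
                nonvoid.add(s)
                changed = True
    return nonvoid


def criterion_holds(sigma, interp, sorts, X):
    """[X_s] is nonempty iff X_s is nonempty or s is nonvoid, for every s."""
    final = least_subalgebra(sigma, interp, sorts, X)[-1]
    nv = nonvoid_sorts(sigma)
    return all(bool(final[s]) == (bool(X.get(s)) or s in nv) for s in sorts)


if __name__ == "__main__":
    for i, lvl in enumerate(least_subalgebra(SIGMA, INTERP, SORTS, {})):
        print(f"[X]_{i} =", lvl)
    print("nonvoid sorts:", nonvoid_sorts(SIGMA))
```

Starting from $X = \emptyset$ the void carrier stays empty at every level, which is exactly the situation the note's assumption $[X_s]_0 \neq \emptyset$ rules out; adding one element of sort void to $X$ repairs it.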


2.5.6 Freely Generated Subalgebras 
We say that $[X]$ is freely generated by $X$ in $A$ iff the following conditions hold: 
(1) For every $f$ (not a constant) in $\Sigma$, the restriction of the function 
$f_A : A^u \to A_s$ to $[X]^u$ is injective. 

(2) For every $f_A : A^u \to A_s$, $g_A : A^v \to A_t$ with $f, g \in \Sigma$, $f_A([X]^u)$ is 
disjoint from $g_A([X]^v)$ whenever $f \neq g$ (and $c_A \neq d_A$ for constants $c \neq d$). 

(3) For every $f_A : A^u \to A_s$ with $f \in \Sigma$ and every $(x_1, \ldots, x_n) \in [X]^u$, 
$f_A(x_1, \ldots, x_n) \notin X_s$ (and $c_A \notin X_s$, for a constant $c$ of sort $s$). 


As in lemma 2.3.3, it can be shown that for every $(x_1, \ldots, x_n)$ in $[X]_i^u - 
[X]_{i-1}^u$, $f_A(x_1, \ldots, x_n) \in [X_s]_{i+1} - [X_s]_i$, ($i \geq 0$, with $[X_s]_{-1} = \emptyset$). 


We have the following generalization of theorem 2.4.1. 


Theorem 2.5.1 (Unique homomorphic extension theorem) Let $A$ and $B$ 
be two many-sorted $\Sigma$-algebras, $X$ an $S$-indexed family of subsets of $A$, let 
$[X]$ be the least subalgebra of $A$ containing $X$, and assume that $[X]$ is freely 
generated by $X$. For every $S$-indexed family $h : X \to B$ of functions $h_s : 
X_s \to B_s$, there is a unique homomorphism $\widehat{h} : [X] \to B$ such that: 


(1) For all $x \in X_s$, $\widehat{h}_s(x) = h_s(x)$ for every sort $s$; 


For every function symbol $f$ of rank $(u, s)$, with $u = s_1 \ldots s_n$, for all 
$(x_1, \ldots, x_n) \in [X]^u$, 


(2) $\widehat{h}_s(f_A(x_1, \ldots, x_n)) = f_B(\widehat{h}_{s_1}(x_1), \ldots, \widehat{h}_{s_n}(x_n))$, and $\widehat{h}_s(c_A) = c_B$ for a 
constant $c$ of sort $s$. 


     X ---------> [X]
       \          /
      h \        / ĥ
         v      v
            B


2.5.7 Congruences 


Given a $\Sigma$-algebra $A$, a congruence $\cong$ on $A$ is an $S$-indexed family $(\cong_s)_{s \in S}$ 
of relations, each $\cong_s$ being an equivalence relation on the carrier $A_s$, and 
satisfying the following conditions: For every function symbol $f$ of rank $(u, s)$, 
with $u = s_1 \ldots s_n$, for all $(x_1, \ldots, x_n)$ and $(y_1, \ldots, y_n)$ in $A^u$, 


if $x_i \cong_{s_i} y_i$ for all $i$, $1 \leq i \leq n$, then 
$f_A(x_1, \ldots, x_n) \cong_s f_A(y_1, \ldots, y_n)$. 


The equivalence class of $x$ modulo $\cong_s$ is denoted by $[x]_{\cong_s}$, or more simply 
by $[x]_s$ or $\overline{x}_s$. 


Given any function symbol $f$ of rank $(u, s)$, with $u = s_1 \ldots s_n$, and any $n$ 
subsets $B_1, \ldots, B_n$ such that $B_i$ is a subset of $A_{s_i}$, we define 


$f_A(B_1, \ldots, B_n) = \{f_A(b_1, \ldots, b_n) \mid (b_1, \ldots, b_n) \in B_1 \times \ldots \times B_n\}$. 
If $\cong$ is a congruence on $A$, for any $(a_1, \ldots, a_n) \in A^u$, $f_A([a_1]_{s_1}, \ldots, [a_n]_{s_n})$ 
is a subset of some unique equivalence class which is in fact $[f_A(a_1, \ldots, a_n)]_s$. 
Hence, we can define a structure of $\Sigma$-algebra on the $S$-indexed family $A/\!\cong$ 
of sets of equivalence classes. 


2.5.8 Quotient Algebras 


Given a $\Sigma$-algebra $A$ and a congruence $\cong$ on $A$, the quotient algebra $A/\!\cong$ 
has the $S$-indexed family $A/\!\cong$ of sets of equivalence classes modulo $\cong$ as its 
carriers, and its operations are defined as follows: For every function symbol 
$f$ of rank $(u, s)$, with $u = s_1 \ldots s_n$, for all $([a_1]_{s_1}, \ldots, [a_n]_{s_n}) \in (A/\!\cong)^u$, 


$f_{A/\cong}([a_1]_{s_1}, \ldots, [a_n]_{s_n}) = [f_A(a_1, \ldots, a_n)]_s$, 


and for every constant $c$ of sort $s$, 
$c_{A/\cong} = [c_A]_s$. 


The $S$-indexed family $h_\cong$ of functions $h_{\cong_s} : A_s \to A_s/\!\cong_s$ such that 
$h_{\cong_s}(x) = [x]_{\cong_s}$ is a homomorphism from $A$ to $A/\!\cong$. 


Finally, many-sorted trees are defined as follows. 


2.5.9 Many-Sorted Trees 


Given a many-sorted alphabet $\Sigma$ (with set $S$ of sorts), a $\Sigma$-tree of sort $s$ is 
any function $t : D \to \Sigma$ where $D$ is a tree domain denoted by $dom(t)$ and $t$ 
satisfies the following conditions: 


1) The root of $t$ is labeled with a symbol $t(e)$ in $\Sigma$ of sort $s$. 


2) For every node $u \in dom(t)$, if $\{i \mid ui \in dom(t)\} = [n]$, then if $n > 0$, 
for each $ui$, $i \in [n]$, if $t(ui)$ is a symbol of sort $v_i$, then $t(u)$ has rank $(v, s')$, 
with $v = v_1 \ldots v_n$, else if $n = 0$, then $t(u)$ has rank $(e, s')$, for some $s' \in S$. 


The set of all finite trees of sort $s$ is denoted by $T_\Sigma^s$, and the set of all 
finite trees by $T_\Sigma$. Given an $S$-indexed family $X = (X_s)_{s \in S}$, we can form the 
sets of trees $T_\Sigma(X_s)$ obtained by adjoining each set $X_s$ to the set of constants 
of sort $s$. $T_\Sigma(X)$ is a $\Sigma$-algebra, and lemma 2.4.2 generalizes as follows. 


Lemma 2.5.1 For every many-sorted $\Sigma$-algebra $A$ and $S$-indexed family 
$X = (X_s)_{s \in S}$, if $X \cap \Sigma = \emptyset$, then the $\Sigma$-algebra $T_\Sigma(X)$ of finite trees over the 
ranked alphabet obtained by adjoining each set $X_s$ to the set $\Sigma_s$ of constants 
of sort $s$ is freely generated by $X$. 


EXAMPLE 2.5.2 


Referring to example 2.5.1, let $\Sigma$ be the ranked alphabet of the algebra 
$A$ of stacks. Let $T_\Sigma(\mathbf{N})$ be the algebra freely generated by the pair 
of sets $(\emptyset, \mathbf{N})$. The identity function on $(\emptyset, \mathbf{N})$ extends to a unique 
homomorphism $h$ from $T_\Sigma(\mathbf{N})$ to $A$. Define the relations $\cong_{int}$ and $\cong_{stack}$ 
on $T_\Sigma(\mathbf{N})$ as follows: For all $t_1, t_2$ of sort $stack$, 


$t_1 \cong_{stack} t_2$ iff $h(t_1) = h(t_2)$, 
and for all $t_1, t_2$ of sort $int$, 


$t_1 \cong_{int} t_2$ iff $h(t_1) = h(t_2)$. 


One can check that $\cong$ is a congruence, and that $T_\Sigma(\mathbf{N})/\!\cong$ is isomorphic 
to $A$. One can also check that the following holds for all trees $X$ of sort 
$stack$ and all trees $a$ of sort $int$: 


$POP(PUSH(a, X)) \cong_{stack} X$, 


$POP(\Lambda) \cong_{stack} \Lambda$, 
$TOP(PUSH(a, X)) \cong_{int} a$, 
$TOP(\Lambda) \cong_{int} ERROR$. 
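The stack algebra of example 2.5.1, the trees of $T_\Sigma(\mathbf{N})$ and the homomorphism $h$ of this example, as an added Python example that is not part of the book: the encoding of a stack $X : [n] \to \mathbf{N} \cup \{error\}$ as a tuple, the nested-tuple encoding of trees, and the names push, top, pop, well_formed, h, congruent, example_equations_hold and faithfulness_gap are our own assumptions.

```python
from typing import Union

# Added example, not from the book: the stack algebra A of Example 2.5.1, the
# tree algebra T_Sigma(N) of Example 2.5.2, the unique homomorphism h extending
# the identity on N, and the congruence t1 ~ t2 iff h(t1) = h(t2).
# The representation of stacks and trees, and the names below, are ours.

ERROR = "error"                  # the element error adjoined to N
Value = Union[int, str]          # an element of the carrier of sort int
# A stack X : [n] -> N U {error} is represented by the tuple (X(1), ..., X(n));
# the empty tuple () is the empty stack Lambda.
Stack = tuple


def push(a: Value, X: Stack) -> Stack:
    """PUSH_A(a, X): X'(k) = X(k) for 1 <= k <= n and X'(n + 1) = a."""
    return X + (a,)


def top(X: Stack) -> Value:
    """TOP_A(X): the top element X(n) if n > 0, error if n = 0."""
    return X[-1] if X else ERROR


def pop(X: Stack) -> Stack:
    """POP_A(X): Lambda if n <= 1, otherwise X restricted to [n - 1]."""
    return X[:-1]                # () stays (), which covers both cases of the definition


# Ranks (u, s) and interpretation I of Sigma = {Lambda, ERROR, POP, PUSH, TOP}.
RANK = {"Lambda": ((), "stack"), "ERROR": ((), "int"),
        "PUSH": (("int", "stack"), "stack"),
        "POP": (("stack",), "stack"), "TOP": (("stack",), "int")}
INTERP = {"Lambda": lambda: (), "ERROR": lambda: ERROR,
          "PUSH": push, "POP": pop, "TOP": top}
LAMBDA = ("Lambda",)

# A tree of T_Sigma(N) is a nested tuple (symbol, child_1, ..., child_n); a
# natural number adjoined as a constant of sort int is written as the int itself.
Tree = Union[int, tuple]


def sort_of(t: Tree) -> str:
    return "int" if isinstance(t, int) else RANK[t[0]][1]


def well_formed(t: Tree) -> bool:
    """Condition 2) of 2.5.9: the sorts of the sons of a node match the rank
    of its label, recursively."""
    if isinstance(t, int):
        return True
    u, _ = RANK[t[0]]
    sons = t[1:]
    return len(sons) == len(u) and all(
        sort_of(k) == s and well_formed(k) for k, s in zip(sons, u))


def h(t: Tree) -> Union[Value, Stack]:
    """The unique homomorphism T_Sigma(N) -> A extending the identity on N
    (Theorem 2.5.1): h(f(t_1, ..., t_n)) = f_A(h(t_1), ..., h(t_n))."""
    if isinstance(t, int):
        return t
    return INTERP[t[0]](*(h(k) for k in t[1:]))


def congruent(t1: Tree, t2: Tree) -> bool:
    """t1 ~_s t2 iff both have sort s and h(t1) = h(t2) (Example 2.5.2)."""
    return sort_of(t1) == sort_of(t2) and h(t1) == h(t2)


def example_equations_hold(a: Tree, X: Tree) -> bool:
    """The four congruences listed in Example 2.5.2, for a tree a of sort int
    and a tree X of sort stack."""
    return (congruent(("POP", ("PUSH", a, X)), X)
            and congruent(("POP", LAMBDA), LAMBDA)
            and congruent(("TOP", ("PUSH", a, X)), a)
            and congruent(("TOP", LAMBDA), ("ERROR",)))


def faithfulness_gap() -> bool:
    """The Note after Example 2.5.1: TOP(X) = error does not force X = Lambda."""
    X = push(ERROR, ())          # the one-element stack whose only entry is error
    return top(X) == ERROR and X != ()


if __name__ == "__main__":
    t = ("TOP", ("PUSH", 3, ("PUSH", 5, LAMBDA)))
    print(well_formed(t), h(t))                            # True 3
    print(example_equations_hold(7, ("PUSH", 2, LAMBDA)))  # True
```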


The reader is referred to Cohn, 1981, or Grätzer, 1979, for a complete 
exposition of universal algebra. For more details on many-sorted algebras, 
the reader is referred to the article by Goguen, Thatcher, Wagner and Wright 
in Yeh, 1978, or the survey article by Huet and Oppen in Book, 1980. 


PROBLEMS 


2.4.1. Let $A$ and $B$ be two $\Sigma$-algebras and $X$ a subset of $A$. Assume that $A$ 
is the least subalgebra generated by $X$. Show that if $h_1$ and $h_2$ are 
any two homomorphisms from $A$ to $B$ such that $h_1$ and $h_2$ agree on 
$X$ (that is, $h_1(x) = h_2(x)$ for all $x \in X$), then $h_1 = h_2$. 


2.4.2. Let $h : A \to B$ be a homomorphism of $\Sigma$-algebras. 


(a) Given any subalgebra $X$ of $A$, prove that $h(X)$ is a subalgebra of 
$B$ (denoted by $h(X)$). 


(b) Given any subalgebra $Y$ of $B$, prove that $h^{-1}(Y)$ is a subalgebra 
of $A$ (denoted by $h^{-1}(Y)$). 


2.4.3. Let $h : A \to B$ be a homomorphism of $\Sigma$-algebras. Let $\cong$ be the 
relation defined on $A$ such that, for all $x, y \in A$, 


$x \cong y$ if and only if $h(x) = h(y)$. 


Prove that $\cong$ is a congruence on $A$, and that $h(A)$ is isomorphic to 
$A/\!\cong$. 
2.4.4. Prove that for every $\Sigma$-algebra $A$, there is some tree algebra $T_\Sigma(X)$ 
freely generated by some set $X$ and some congruence $\cong$ on $T_\Sigma(X)$ 
such that $T_\Sigma(X)/\!\cong$ is isomorphic to $A$. 


2.4.5. Let $A$ be a $\Sigma$-algebra, $X$ a subset of $A$, and assume that $[X] = A$, 
that is, $X$ generates $A$. 


Prove that if for every $\Sigma$-algebra $B$ and function $h : X \to B$ there 
is a unique homomorphism $\widehat{h} : A \to B$ extending $h$, then $A$ is freely 
generated by $X$. 


* 2.4.6. Given a $\Sigma$-algebra $A$ and any relation $R$ on $A$, prove that there is a 
least congruence $\cong$ containing $R$. 


2.5.1. Do problem 2.4.1 for many-sorted algebras. 
2.5.2. Do problem 2.4.2 for many-sorted algebras. 
2.5.3. Do problem 2.4.3 for many-sorted algebras. 
2.5.4. Do problem 2.4.4 for many-sorted algebras. 
2.5.5. Do problem 2.4.5 for many-sorted algebras. 
* 2.5.6. Do problem 2.4.6 for many-sorted algebras. 


* 2.5.7. Referring to example 2.5.2, prove that the quotient algebra $T_\Sigma(\mathbf{N})/\!\cong$ 
is isomorphic to the stack algebra $A$. 


* 2.5.8. Prove that the least congruence containing the relation $R$ defined 
below is the congruence $\cong$ of problem 2.5.7. The relation $R$ is defined 
such that, for all trees $X$ of sort $stack$ and all trees $a$ of sort $int$: 


$POP(PUSH(a, X)) \; R_{stack} \; X$, 
$POP(\Lambda) \; R_{stack} \; \Lambda$, 
$TOP(PUSH(a, X)) \; R_{int} \; a$, 
$TOP(\Lambda) \; R_{int} \; ERROR$. 


This problem shows that the stack algebra is isomorphic to the quo- 
tient of the tree algebra $T_\Sigma(\mathbf{N})$ by the least congruence $\cong$ containing 
the above relation. 
Accepted 
deterministically in polynomial time, 52 
nondeterministically in polynomial time, 52 
Accepting 
computation, 52 
state, 51 
Ackermann’s function, 11, 373 
a-formula, 90 
Alphabet, 12 
of a first-order language, 147 
of a many-sorted first-order language, 449 
for propositional formulae, 32 
Analytic consistency property, 227, 251 
Ancestor, 15 
And, 32, 147 
Answer substitution, 430 
Antecedent, 62 
Anti-Horn clause, 434 
Antisymmetric, 8 
Arithmetic expression, 17 
Arity, 16, 148, 449, 483 
Assignment, 159 
of sort s, 453 
cut, 263 
formulae, 149 
proposition, 68 
Atomically closed, 70 
Atoms, 17 
Binary 
relation, 5 
resolution, 407 
Binds, 171 
Boolean algebra, 50, 104, 178 
Bound variable, 154 
Bounded, 100 
Canonical function, 7 
Cardinality, 7 
Carrier, 158, 478 
of sort s, 483 
Cartesian product, 4 
c-formula, 192 
Characterization of Consistency in LK’, 114 
Church, 2, 30 
Church’s theorem, 216, 373 
Church-Turing thesis, 370 
c-instance, 359 
Clause, 118, 378 
form, 378 
under complementation, 53 
equality axioms, 246, 268 
equality axioms for S, 292 
formula, 154 
under the functions in F’, 19 
leaf, 61, 83 
under the operations, 479, 485 
term, 154 
tree, 85 
Closure conditions, 17 
CNF, 73 
Compactness theorem 
for first-order languages of any cardinality, 185 
for G, 218 
for G’, 94 
for Gz, 243 
Complete, 30 
induction, 9 
set of propositions, 98 
sets of connectives, 175 
Completeness, 2 
of G’, 72 
of G1", 272 
of G12", 281 
of GCNF’, 123 
of ground resolution, 380 
of LK’ (with cut), 116 
of proofs in SLD-form, 419 
of resolution, without equality, 404 
of SLD-resolution for Horn clauses, 426, 431 
of the resolution method, proposition- 
Complexity, 71 
theory, 369 
Components of a signed formula, 90, 192 
Composition, 5, 371 
Compound instance, 357, 359 
Computability, 369 
Concatenation, 13 
Conclusion, 63, 66 
Congruence, 233, 462, 481, 486 
closure of E, 463 
on a graph, 461 
Conjugate 
of a literal, 118, 378 
of a set of literals, 396 
of a signed formula, 90 
Conjunctive normal form, 73, 118 
in G, 218 
in G’, 94 
lemma for G, 218 
lemma for G’, 95 
lemma for G_, 243 
in LK’, 114 
properties, 255 
property, 103 
Constant of sort s, 483 
Correctness 
of the congruence closure algorithm, 472 
of the linearization process, 425 
of SLD-resolution as a computational procedure, 441 
of the unification algorithm, 390 
Countable 
sequence, 7 
set, 7 
Countably 
Craig’s interpolation theorem 
elimination theorem, 97, 110 
elimination theorem for G1" , 280 
elimination theorem for G12”! , 283 
elimination theorem for LK’, 113 
formula, 97, 109, 111, 223, 258, 270 
rule, 97, 109, 110, 111, 223, 257, 258, 
Cut-free, 97 
proof, 110 
Cut-rank 
in G1""F , 273 
in G12’, 282 
Cycle, 475 
Cylindric algebra, 178 


DAG, 127 
Decidable, 373 
Decision procedure 
for quantifier-free formulae, 470 
for quantifier-free formulae without 
predicate symbols, 466 
Deduction 
rule, 29 
system, 29 
theorem, 80, 221 
tree, for G, 188 
tree, for G’, 62, 66 
tree, for G1"! , 272 
tree, for GCNF’, 120 
tree, for LK, 259 
tree, many-sorted case, 458 
Defined inductively, 17 
Definite 
answer, 438, 442 
answer lemma, 438 
clause, 411, 428 
Definitional extension, 249 
Degree of a formula in NNF, 273 
Denumerable set, 7 
Depth, 15 
d-formula, 192 
Direct 
image, 6 
product, 186 
Directed acyclic graph, 127 
Disjunctive normal form, 57, 73 
DNF, 73 
Domain, 5, 158 
Downward closed, 103 
Dual, 57 
of a DAG, 127 
Eigenvariable, 188, 259, 271, 457 
condition, 188, 259, 271, 457 
equivalent structures, 186 
clause, 126 
string, 13 
Equality 
axioms of LK., 262 
rules for G=, 236, 458 
symbol, 147 
Equation, 282, 285 
Equational 
language, 285 
logic, 287 
Equivalence, 32, 147 
class of x modulo R, 7 
relation, 7 
E-resolution method, 407 
Essential cut, 263 
Existence 
condition for f, 248 
of the congruence closure, 467 
of a language, 194 
of a structure, 194 
step, 70 
Explicit definability, 295 
Extended 
completeness theorem for G’, 94 
completeness theorem for G + {cut}, 
language L(M), 164 
quantifier rules, 198 
rule 4: right, 198 
rule V: left, 198 
Extension, 12 
Extra formula, 63 


Factor, 407 
Factoring, 407 
rule, 407 
False, 32 
Falsehood, 147 
Falsifiable 
propositional finite sequent, 64 
sequent, first-order case, 188 
sequent, propositional case, 85 
Falsifies, 41, 85 
Family, 7 
Filter, 100, 105, 183 
generated by, 100 
Finished leaf 
first-order case, no equality, 208 
propositional finite case, 68 
propositional infinite case, 83 
special case, 199 
Finite 
intersection property, 100, 105 
labeled graph, 461 
path, 15 
sequence, 7 
set, 7 
tree, 14 
Finite-branching, 14, 89 
Finitely axiomatizable, 106 
First-order 
languages without equality, 148 
languages with equality, 230 
For all, 147 
Formula, 1 
first-order case, 149 
many-sorted, 451 
Free 
and Bound Variables, 153 
structure, 368, 435 
variable, 153 
Freely generated 
by X, 480, 485 
by X and F, 21 
From Resolution Refutations to 
GCNF’-proofs, 137 
Function 
CONGRUENT, 471 
K, for formulae, 151 
K, for terms, 150 
symbols, 148, 449 
Functional, 5 
form, 342 
form of a sequent, 340 
reflexivity axioms, 409 
Functionally complete set, 45 


G-congruence, 462 
Hauptsatz for LK, 261 
Hauptsatz for LK’, 113 
Hauptsatz for LKe, 268 
sharpened Hauptsatz, 304, 320 
system G for languages without equal- 
system G’, 63 
system G1", 270 
system G2", 327 
system G22", 337 
system Ge, 236 
system LK, 257 
system LK’, 110 
system LK,, 262 
system LKe,1, 293 
system LK , 288 
Goal clause, 412, 428 
Gödel, 2 
G, 216, 458 
Gi, 242, 459 
incompleteness theorem, 300, 370 
G-provable, 259 
G’-provable sequent, 111 
Graph, 5 
lower bound, 8 
Ground clause, 378 
Ground 
resolution, 377 
resolution method, 379 
substitution, 343 
method, 224 
structure, 435 
theorem, 303, 365 
theorem for prenex formulae, 344 
system, 79, 116, 219, 247, 255 
first-order language with equality, 
231 
first-order language without equality, 
many-sorted case, 458 
propositional case, 90 
propositional unsigned case, 99 
Homomorphism, 23, 107, 478, 484 
of structures, 181 
Horn clause , 410, 411 
in PROLOG notation, 428 
formula, 59, 101, 186 
H-tree, 422, 446 
Identity relation, 6 
I-indexed sequence, 7 
descendants, 98, 226, 262, 284 

successor, 14 
Implication, 32, 147 
Implicit definability, 295 
Incomplete, 300 
Inconsistency in G’, 94 
Inconsistent, 94 
Indefinite answer, 438, 442 
Lower bound, 8 
first-order logic, 1, 448 
L-structure, 453 


SUBJECT INDEX 
Matrix of a formula, 309 
Maximal, 8, 100 
consistency, in G=, 244 
consistent set, 96, 115, 224 
consistent set, in G, 218 
quantified subformulae, 326 
Maximally consistent, 96, 115 
Meaning, 1 
of a formula, 160 
of a term, 160 
Meta-language, 33 
Meta-variables, 33 
Midsequent, 320, 334, 337 
Minimal, 8 
Minimization, 372 
Model, 455 
of A, first-order case, 162 
of computation, 3 
existence theorem for G, 218 
existence theorem for G’, 94 
existence theorem for G=, 243 
of a set of formulae, 162 
theory, 1, 29, 245, 255 
Theoretic Semantics, 434 
Modus ponens, 79, 220 
Monadic predicate calculus, 182 
Monotonic, 24 
Most common instance, 382 
Most general unifier, 382 
Multiset, 25, 111, 259 
deduction system, 116, 255 
numbers, 7 

Negation 

by failure, 445 

normal form, 74, 269 
Negative 

clause, 412, 428 

set of literals, 396 

Nelson and Oppen, 460 
NNF, 74 

Node, 14, 461 

of a DAG, 127 

Nonatomic proposition, 68 
Nondeterministic, 51 
Nonlogical symbols, 148, 449 
Nonstandard model, 244, 245 


Nontrivial sequent, 120 
Nonvoid sort, 485 

Normal form, 3 

lemma for GCNF’, 122 
Not, 32, 147 


NP, 51 
NP-complete, 53 
NP-hard, 53 
Null 

path, 15 
string, 13 


Object language, 33 
Occur check, 387 
One to one, 6 
Onto, 6 
Open 
equality axioms, 247 
formula, 154 
Operations, 18 
algorithm, 471 
Or, 32, 147 
Outdegree, 14 
Output variables, 434 


P, 51 
Padoa’s method, 297 
Paramodulant, 408 
Paramodulation, 377 

method, 407 

rule, 407 
Partial 

function, 5 

order, 8 

recursive functions, 370, 373 
Partially 

decidable, 373 

ordered set, 8 
Partition, 7, 289 
Peano’s arithmetic, 163, 244, 300 
Permutability lemma for LK, 314 
Polynomial-time reducibility, 53 
Polynomially reducible, 53 
Poset, 8 
Positive 
formula, 181 
set of literals, 396 
Possible definition 
of f, 249 
of P, 249 
Powers, 7 
Power-set, 478 
Precedence, 35 
Predecessor, 15 
Predicate symbols, 148, 449 
Prefix, 13 
notation, 36 
Premise, 63 
Prenex 
form, 305 
formula, 305 
Preorder traversal, 384 
Preserved under 
homomorphisms, 181 
reduced products, 186 
Primitive 
recursion, 371 
recursive function, 365, 371, 372 
Principal 
filter, 106 
formula, 63, 111, 188, 259, 271, 457 
in G’, 66 
Procedure 
expand, first-order case, no equality, 209 
expand, language with equality, 240 
expand, propositional finite case, 69 
expand, propositional infinite case, 84 
expand, special case, 200 
grow-left, special case, 201 
search, language with equality, 241 
search, propositional infinite case, 83 
search, special case, 199 
test-and-substitute, 385 
unification, 385 
Program, 434 
Projections functions, 372 
PROLOG, 3, 410 
Proof, 2 
in SLD-form, 413 
theory, 2, 29 
tree, for G, 188 
tree, for G’, 66 
tree, for G1", 272 
tree, for GCNF’, 120 
tree, for LK, 259 
tree, for LK’, 111 
tree, many-sorted case, 458 
without weakening, 414 
Proper, 13 
filter, 100, 105, 183 
Property of finite character, 103, 228, 251 
Proposition symbols, 32 
Propositional 
formulae, 32 
logical rules, 270 
Propositions, 1, 32 
Provability, 1 
Provable 
propositional finite sequent, 80 
Pure-variable proof tree, 312 
Quantifier rules for subformulae, 327 
Quantifiers, 147, 449 
Quotient 
algebra, 482, 487 
Rectified formula, 171, 456 
Recursive 
function, 373 
function theory, 369 
Recursively, 20 
product, 101, 183, 184 
Reduct 
of a language, 194 
of a signed set, 194 
of a structure, 194 
Reduction lemma 
for G1""!, 277 
lemma for G12"! 282 
Reflexive, 7 
and transitive closure, 8 
Reflexivity 
axiom, 408 
rule, 236 
Rejecting 
computation, 52 
state, 51 
Relational version, 248 
of a language with equality, 247 
Resolution, 117 
DAG, first-order case, 397 
DAG, propositional case, 130 
method, 3 
method for first-order logic without 
equality, 395 
method for propositional logic, 128 
refutation, first-order case, 397 
refutation, propositional case, 130 
steps, 130, 397 
Resolvent 
first-order case, 396 
propositional case, 129 
Restriction, 12 
Result substitution 
a, 430 
0;, 440 
Rewrite rule, 407 
Robinson, J. A., 117, 377 
Robinson’s joint consistency theorem, 300 
Root, 14, 462 
Round, 70 
counter, 239 
Rule 
Ry, can be permuted with Re, 314 
with contraction, 330 
without contraction, 330 
Satisfaction, 455 
of signed formulae, 193 
Satisfiability 

functional form, 342 

problem, 42 

Satisfiable, 42 

formula, first-order case, 162 
in M, first-order case, 162 
sequent, propositional case, 85 


set of formulae, 162 

set of propositions, 94 
Satisfies, 41 

a signed set, 90 
Schwichtenberg, 273 
Scope, 15 
Searching for a counter example, 60 
Selected atom, 424, 429 
Semantic consequence 

first-order case, 162 

propositional case, 42 
Semantics, 1, 30 

of formulae, 158 

of logic programs, 437, 439 
Sentence, 154 
Separating pair of substitutions, 396 
Sequence, 7 
Sequent, 62 
Set 

of predecessors, 462 

of sorts, 449, 483 

of states, 51 

of types, 449, 483 
Sharpened Hauptsatz 

for G1"™ and G2""s , 334 

for G12 and G22"s , 337 


Side formula, 63, 111, 188, 259, 271, 327, 
Σ-algebra, 477 


σ-matrix of the functional form of A up to 7, 346 
Σ-tree, 16 
of sort s, 487 
Signature, 16 
Signed formula , 89, 192 
of conjunctive type, 90 
of disjunctive type, 90 
of existential type, 193 
first-order language with equality, 
231 
of type a, 90 
of type b, 90 
of type c, 192 
of type d, 192 
of universal type, 193 
Signed set of formulae, 90 
Simple formula, 206 
Simply stratified alphabet, 16 
Singulary, 56 
Skolem 
constant symbol, 340, 358 
form, 358 
function symbol, 340, 358 
normal form, 342, 358 
Skolem-Herbrand-Gödel theorem, 303, 365 
after Andrews, 364 
SLD-derivation, 423, 428 
SLD-refutation, 424, 429 
SLD-resolution, 410 
method, 424 
Smorynski, 371 
Smullyan, 89, 95, 229 
Son, 14 
Sort, 448, 449, 483 
Sound, 2, 30 
Soundness 
of the resolution method, propositional case, 131 
resolution without equality, 399 
SLD-resolution, 430 
the system G, 192 
the system G’, 67 
the system G, many-sorted case, 458 
the system GCNF’, 121 
the system Gins, 281 
the system G22"), 337 
the system G2" , 328 
the system Gi, 239 
the system LK, 260 
of the system LK’, 112 
Source, 15 
S-ranked alphabet, 483 
Stacks of natural numbers, 484 
Strict order, 9 
String, 12 
Structural 
induction, 9 
rules, 110, 257 
Structure (first-order), 158 
Subalgebra, 479, 484 
Subformula, 171, 456 
property, 262 
Substitution, 57 
function, 285, 342 
instance, 342 
lemma, 276 
pair, 343 
in tautologies, 173 
of a term, 155 
Substring, 13 
Substructure, 183 
Subsumes, 144, 406 
Subtree rooted at u, 15 
Succedent, 62 
Successor function, 372, 461 
Suffix, 13 
Support of the substitution, 285, 342 
Surjective, 6 
Symmetric, 7 
Syntax, 30 
rules, 28 
Synthetic consistency property, 228, 252 
System GCN F’, 120 
Systematic deduction tree, 68, 199 
Tait, 273 

Target, 15 

Tarski, 1, 178 
Tautology, 31, 42 
problem, 42 

Term 
algebra, 194 
constructors, 194 
first-order case, 148 
free for x in A, 156 
of sort s, 451 

Terminal node, 462 

Theory, 225, 249 
There exists, 147 
To the left, 15 
Total function, 5 
order, 8 
Transitive, 7 
closure, 8 
Translation, 247 
conditions, 248 
Tree, 14 
address, 14 
domain, 13 
replacement, 15 
Trivial sequent, 120 
Truth, 1 
assignment, 39 
function, 39, 45 
functionally implies, 228, 252 
functionally inconsistent, 228, 252 
functionally valid, 228, 252 
table, 39 
table method, 44 
value, 1, 39, 40 
T-translate, 247 
Turing machine, 51, 370 
Type, 448, 449, 483 


Ultrafilter, 101, 106, 184 
Ultraproduct, 101, 184, 185 
Uncountable, 7 
Underlying tree, 127 
Unification, 377 

algorithm, 385 

closure, 473, 474 

closure problem, 473 
Unifier, 381 

of S, 382 


Unique homomorphic extension, 23 
theorem, 22, 480, 486 
Uniqueness condition for f, 248 
Universal 
algebra, 488 
closure, 180, 285 
equation, 285 
scope of a formula, 357 
Unsatisfiable, 42 
Upper bound, 8 
Upward closed, 104 


Valid 
proposition, 42 
formula, first-order case, 162 
in M, first-order case, 162 
propositional finite sequent, 64 
sequent, first-order case, 188 
sequent, propositional case, 85 
set of formulae, 162 
functional form, 342 